On October 3, 2024, the Office for Civil Rights (OCR) announced Providence Medical Institute (PMI) in Southern California was ordered to pay $240,000 because of a ransomware breach investigation. What makes this announcement unique compared to other OCR investigations is that, in a rare move, the paymen...
Artificial Intelligence (AI) is transforming all industries, and healthcare is no exception. While AI may seem like a recent phenomenon, its foundations date back many decades to the 1950s. Since its inception, AI has slowly grown until recently, when the technology reached a tipping point, making AI far more...
The healthcare sector was dealt another blow on February 21, 2024, when Change Healthcare, a division of Optum and a subsidiary of UnitedHealth Group Incorporated, fell victim to a cyberattack. The company disclosed that the attack compromised customer data and disrupted operations, leading to a shutdown of c...
In September 2023, MGM Resorts International and Caesars Entertainment reported they were victims of a cyberattack. The attack disrupted operations for multiple MGM properties for an extended period of time and ultimately cost the company an estimated $100 million[1]. Caesars Entertainment paid $15 million of...
The use of website tracking technology, such as the Meta Pixel, in the healthcare industry continues to garner media attention. A prior Sentinel article in February 2023 provided information about the risk posed by website tracking technology, and a May 2023 article provided additional information on th...
Recent events have drawn attention to the widespread use of online trackers and raised privacy concerns for healthcare organizations. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has issued a bulletin following filed complaints, class action lawsuits, breach notifications, a...
We are seeing hundreds of healthcare providers and other businesses targeted by class action lawsuits across the country, alleging the unauthorized disclosure of personally identifiable information (PII) and personal health information (PHI), and seeking civil damages for each disclosure. PII and PHI was...
It is a new year, and criminals are consistently coming up with new cyber threats. Now is a perfect time for practices to review and update their cybersecurity programs. Over the last two years, we have focused on providing cyber articles and resources to assist our policyholders with cybersecurity.&nbs...
Scenario: It is Friday afternoon, and the physician is working on a stack of documents requesting his signature. Most are routine requests, but one in particular draws his attention. It is seemingly from a national pharmacy requesting the practice confirm an active patient and indicates it is purs...
Health Information Accessibility, Interoperability, and Information Blocking While there were likely earlier efforts, the policy of increasing health information exchangeability and system interoperability was stated over 25 years ago in the enactment of the Health Insurance Portability and Accountability Ac...
A practice does not need to implement the most expensive technology or hire full-time IT staff in order to comply with the HIPAA Security Rule. So long as policies and procedures, technology, and physical safeguards which are appropriate for the size of the practice are put in place, compliance is achievable....
No matter how small, every medical practice likely has multiple vendors upon whom the practice relies for its everyday operations. Larger medical practices may have arrangements with dozens of third parties providing an array of services ranging from administrative support to x-ray machine service. With the n...
Physician offices, hospitals, banks and even pipeline companies; nearly every day, there is a story somewhere about a data breach impacting these types of organizations. What is not as well publicized, however, are the much more frequent security incidents that impact any organization that has an inform...
You don't have to look far to find a company that's experienced a cyberattack. The healthcare industry has certainly seen their fair share of attacks throughout 2021. Large hospitals, small clinics, and cloud based electronic medical record (EMR) solutions are included in the growing list of organizations fal...
As a value-added benefit of your SVMIC professional liability policy, you and your practice are provided with $50,000 of cybersecurity coverage (with the option to purchase more coverage). This coverage, although provided by SVMIC, is written and administered by Tokio Marine Houston Casualty Company, re...
We are a society that greatly depends on technology. Regardless of industry, all organizations rely on computers to conduct all manner of business operations. Additionally, your medical practice depends on computers and software to provide medical care to patients. Before computers, these processes were once ...
Cybersecurity is a topic that physicians and their staff cannot ignore. Ransomware, data breaches, distributed denial of service (DDoS) attacks, and email fraud are just a few of the cybersecurity issues that can cause financial and reputational damage to any organization. In healthcare, the impact of a cyber...
On May 7, 2021, the U.S. felt firsthand the consequences of a ransomware attack when the Colonial Pipeline Company was hacked by the criminal cybergroup DarkSide. This hack disrupted a major infrastructure system and caused panic for many Americans. Even though Colonial Pipeline paid the $4.4 million ra...
It is difficult to make it through an entire week without a new cyberattack making the news. The FBI reported in their 2020 Internet Crime Report 791,790 complaints regarding cybercrime last year, representing an increase of more than 300,000 over 2019. The reported losses from these crimes exceeded $4....
2020 was a difficult year, unprecedented in many ways. As organizations across all industries scrambled to implement work-from-home strategies, healthcare organizations faced the COVID-19 pandemic head on. Hospitals and medical practices focused on caring for patients, but sadly cybercriminals pou...
A recently discovered vulnerability[1] in Microsoft’s popular Exchange email server puts companies using this application at extreme risk. Security researchers have dubbed this event Hafnium, named after the Chinese-based espionage group first seen attacking servers. Once compromised, multip...
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. It was day that began like any other for Dr. Sandra Lynn, an internal medicine doctor and the head of a multi-specialty clinic made up...
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. What images do the terms “security breach” or “privacy breach” conjure up when you see them? Most people think...
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. Springtime in Arkansas brought pleasant temperatures as well as lots of mold and pollen, especially after the mild, wet winter. As a r...
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. David[1], an employee of Dr. Jerome’s medical practice, was in college studying to become an IT Specialist. David was hired to m...
The following article is based upon an actual claim situation experienced by an SVMIC policyholder. The details have been altered to protect our policyholder’s privacy. When Mandy*, the receptionist at the small rural medical practice of Dr. Smith, saw that the message light on the phone was blinking, ...
Looking ahead to 2018, cybercriminals will redouble their efforts to steal personal health information (PHI). The number of ransomware attacks has steadily risen for the last few years, and there is no indication that it will slow anytime soon. Reliance upon technology in healthcare continues to grow, providi...
It seems that another cyber attack is in the news every week. Cyber criminals are trying to acquire personal information at an alarming rate, and the healthcare industry is a particular target. Patients’ protected health information (PHI) often contains birthdates and social security numbers, and ...
With all of the security breaches in the news recently, many medical practices have taken extra steps to keep their patient records safe. Employee training and awareness, installation of virus and malware protection, regular data back-up, purchase of a cybersecurity insurance policy, and hiring an IT person t...
Over the past decade, rapid advancements in technology have enabled a vast and expansive digital economy. As a result, medical practices of all sizes are using a broad range of personal and company-issued devices to keep employees connected to each other and to their workplace. But as connectivity grows, so t...
Cybersecurity continues to rise towards the top of the list of concerns for businesses and medical practices. Consequently, cybersecurity insurance protection is also becoming more and more important. Along with the basic cybersecurity insurance limits ($50,000) provided by SVMIC at no additional premiu...
Current headlines contain many stories of cyber-attacks, including data breaches and ransom malware, more commonly known as ransomware. Once your practice is hit by a cyber-attack, you’ll want to be able to quickly diminish the damages inflicted on your practice and your patients. Such damages inc...
Our team is here to answer any questions you might have or to help you fill out a quote application.
