2 min read

Paubox Weekly: Email security breaches expose patient data at 2 major healthcare institutions

Picture of Dean Levitt Dean Levitt May 31, 2024

Healthcare cybersecurity news
Google search homepage on Samsung tablet

Hello world,

Today’s Paubox Weekly is 554 words - a 2 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

 

1. Email security breaches expose patient data at 2 major healthcare institutions

Binary code in red and orange tones representing a data breach or cybersecurity threat

Email security breaches at Children’s Health Care in Minnesota and the Los Angeles County Department of Mental Health exposed the protected health information (PHI) of thousands of patients.

What happenedThe compromised information includes names, medical record numbers, and treatment details, raising concerns about patient privacy.

Train staff to prioritize email security


 

 

Learn more about the $100 Paubox referral credit

 

 

2. Healthcare marketing and AI - 2024 NESHCo Annual Conference

Paubox team at the 2024 NESHCo Annual Conference booth in Newport, RI

The Paubox team is in Newport, RI, for the 2024 NESHCo Annual Conference hosted by the New England Society for Healthcare Communications.

In the know: A hot topic of discussion at NESHCo was the ever-increasing threat of cyberattacks and crisis communication in the wake of the Change Healthcare debacle.

Healthcare marketing demands continuous innovation

 

 

3. Providers seek clarity on Change Healthcare data breach reporting

Change Healthcare logo

As the healthcare industry deals with the fallout of the Change Healthcare data breach, providers are urgently seeking clarity from the HHS on their obligations regarding breach reporting and patient notification. 

Why it matters: One of the primary concerns raised by provider groups is the potential for duplicate notifications, which could confuse and overwhelm patients. 

Who should handle the breach notifications?


 

Start a free Paubox Forms trial

 

 

4. How threat actors exploit email address verification in healthcare

Envelope with medical briefcase and caduceus symbols representing secure healthcare email

Threat actors use email address verification to ensure their spoofed emails appear legitimate and are more likely to reach and deceive recipients by mimicking trusted healthcare provider names.

Go deeper: Using email address verification tools, they compile lists of valid email addresses, ensuring their emails reach real users rather than bouncing back due to invalid addresses.

Impersonates legitimate organizations, including healthcare providers


 

5. Slack used customer data to train AI models without permission

Slack logo

Slack, a cloud-based team communication platform, was caught using users' data and information to train its AI tools without explicit consent.

Why it matters: Slack was supposed to obtain consent from the users after telling them how their data would be used. Slack’s use of its customer data without obtaining consent violates users' data privacy rights.

Slack’s response indicated a breach of promise to customers


 

Community links

  • CMS final rule mandates minimum staffing standard for nursing homes. Link
  • 560 million users' data exposed in Ticketmaster breach. Link
  • Case against Hopkins doctors that shared PHI with Russia dismissed. Link
  • HIPAA compliant newsletter tips and best practices. Link
  • Combating phishing in healthcare. Link
  • What is explicit consent? Link
  • The impact of buffer overflow attacks against email. Link
  • How credential stuffing influences healthcare. Link
  • How to prevent an SQL injection. Link
  • Learning to spot and avoid common health scams. Link
  • The role of Health Information Organizations (HIOs) in PHI amendments. Link
  • HIPAA and patient consent in emergency medical services (EMS). Link

 

Good reads from around the web

  • Meet 24 startups advancing healthcare with AI. Link
  • Ascension and Change Healthcare are not the news. Link
  • Overcoming struggles to define algorithmic fairness in healthcare. Link
  • Healthcare lags other sectors in cybersecurity. Link
  • Congress shows concern for healthcare cyber attacks. Link

What happened last week
Secure every email you send and receive HIPAA compliant. Threat-proof. Hassle-free.
Paubox HIPAA Email Breach graphic

The Children's Hospital of Philadelphia suffers HIPAA email breach

Seiji Iwasaki : October 31, 2018

On October 23, 2018, The Children's Hospital of Philadelphia submitted a HIPAA Email Breach to the U.S. Department of Health and Human Services...

Healthcare cybersecurity news
Read More
Children's Pediatric Hospital building exterior

Children's Pediatric Hospital fined $3.2 million

Evan Fitzgerald : February 2, 2017

Children’s Pediatric Hospital in Dallas, Texas has paid a fine of $3.2 million in accordance to several breaches of the Health Insurance Portability...

Healthcare cybersecurity news
Read More
Boston Children's Health Physicians logo

Learning from the Boston Children’s Health Physicians' ransomware attack

Picture of Tshedimoso Makhene Tshedimoso Makhene : October 28, 2024

Ransomware gang BianLian recently targeted Boston Children’s Health Physicians (BCHP), a pediatric group operating in New York and Connecticut, by...

Healthcare cybersecurity news
Read More

Subscribe to Paubox Weekly

Every Friday we bring you the most important news from Paubox. Our aim is to make you smarter, faster.