Paubox Weekly: Roper St. Francis agrees to $1.5M settlement following data breach

Hello world,

Today’s Paubox Weekly is 770 words - a 3 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

1. Roper St. Francis agrees to $1.5M settlement following data breach

Roper St. Francis Healthcare, a hospital network with over 117 facilities, faced a massive data breach. The attacker accessed email accounts through phishing and impacted approximately 189,761 patients.

Going deeper: Unfortunately for Roper, this is far from the first data breach the hospital network has faced. The hospital network has faced several other breaches in recent years, and a lawsuit alleges that the trend shows continued carelessness.

Is phishing considered a preventable attack vector?

2. Coffee with Joe Oliveri (Easter Seals Louisiana) in New Orleans

Paubox CEO Hoala Greevy caught up with Joe Oliveri of Easter Seals Louisiana over coffee in New Orleans.

About Easter Seals: Joe is the COO and CFO of Easter Seals Louisiana. Their mission is to change the way the world defines and views disabilities by making profound, positive differences in people's lives every day.

About the art: Joe gave Hoala an art piece from one of their autistic clients. Mahalo!

What was said: It made Hoala's day when Joe said, "we don't have to turn the encryption on."

Visiting customers is one of the best parts of the job

3. HHS seeks payers' input on Change cyberattack response

The recent cyberattack on Change Healthcare has prompted the HHS to seek input from payers on how to effectively respond to such incidents.

What was said: AMA president Dr. Ehrenfeld slammed insurer group AHIP's inaction. “It is dumbfounding that following weeks of silence and a lack of assistance to struggling practices in the wake of the Change Healthcare cyberattack, AHIP's response is a 'business as usual' approach to prior authorization.”

Service outages have worsened administrative burdens

4. Paubox Texting, HIPAA and TCPA: Paubox Zoom social mixer (March 2024)

The Paubox Zoom social mixer for March 2024 began with a presentation on texting, HIPAA compliance, and TCPA.

Our takeaways:

• Text messages are a “push” technology and exhibit very high open rates
• Text messages that deliver medical-related messages are subject to TCPA regulations
• Certain healthcare treatment purposes are exempted from the TCPA’s consent rules

98% of patients like text message communication

5. Phishing kit that bypasses MFA targets Gmail and Microsoft 365

Cybercriminals are using Tycoon 2FA to bypass 2FA in Microsoft 365 and Gmail software.

What happened: The use of the new phishing-as-a-service platform is gaining popularity among cybercriminals targeting Microsoft 365 and Gmail accounts in an attempt to bypass two-factor authentication (2FA) protection.

The server in the middle captures session cookies

6. OCR updates guidance on online tracking for HIPAA entities

The Office for Civil Rights updated guidance on the use of online tracking technologies by covered entities.

What happened: This update came in response to criticism and legal challenges, including a lawsuit filed by the American Hospital Association (AHA) and other healthcare organizations last November.

The AHA is still dissatisfied with the updates

Community links

• Littleton Regional Healthcare announces data breach. Link
• University of Tennesee suffers data breach. Link
• Using email for mental health support among healthcare workers. Link
• HIPAA compliant email templates: Personalizing patient communication. Link
• How HIPAA compliant emails and texts can help smoking cessation. Link
• Why is encryption of HIPAA compliant emails important to protect ePHI? Link
• Applying marketing segmentation to HIPAA compliant email marketing. Link
• Paubox Kahikina Scholarship Recipient 2021: Taysia Morioka. Link
• Using AI to craft HIPAA compliant emails. Link
• Summary: OCR's bulletin on online tracking by HIPAA covered entities. Link
• How personalized emails can help patients with anxiety disorders. Link
• A guide to email security risk assessment
  HIPAA Breach Report for March 2024. Link

January HIPAA Breach Report

• Network server breaches affected the most people in January 2024. 4,911,468 individuals had their data breached.
• Email breaches were the second most common breach, with 109,663 people affected.
• Other breaches affected 59,705 people, the third most common breach type.

Read the full breach report

Good reads from around the web

• Thousands of servers hacked in ongoing attack targeting Ray AI framework. Link
• CISA warns: Hackers actively attacking microsoft SharePoint vulnerability. Link
• “Trends in Healthcare Payments” annual report. Link
• What Change Healthcare and the postal service can tell us about the coming platform revolution. Link
• HIPAA: Why it matters more each day for HIV. Link

What happened last week