Paubox Weekly: Email security breaches expose patient data at 2 major healthcare institutions
Dean Levitt May 31, 2024
Hello world,
Today’s Paubox Weekly is 554 words - a 2 minute read.
1. Email security breaches expose patient data at 2 major healthcare institutions
Email security breaches at Children’s Health Care in Minnesota and the Los Angeles County Department of Mental Health exposed the protected health information (PHI) of thousands of patients.
What happened: The compromised information includes names, medical record numbers, and treatment details, raising concerns about patient privacy.
Train staff to prioritize email security
2. Healthcare marketing and AI - 2024 NESHCo Annual Conference
The Paubox team is in Newport, RI, for the 2024 NESHCo Annual Conference hosted by the New England Society for Healthcare Communications.
In the know: A hot topic of discussion at NESHCo was the ever-increasing threat of cyberattacks and crisis communication in the wake of the Change Healthcare debacle.
Healthcare marketing demands continuous innovation
3. Providers seek clarity on Change Healthcare data breach reporting
As the healthcare industry deals with the fallout of the Change Healthcare data breach, providers are urgently seeking clarity from the HHS on their obligations regarding breach reporting and patient notification.
Why it matters: One of the primary concerns raised by provider groups is the potential for duplicate notifications, which could confuse and overwhelm patients.
Who should handle the breach notifications?
4. How threat actors exploit email address verification in healthcare
Threat actors use email address verification so that their spoofed emails, which mimic trusted healthcare provider names, appear legitimate and are more likely to reach and deceive recipients.
Go deeper: Using email address verification tools, they compile lists of valid email addresses, ensuring their emails reach real users rather than bouncing back due to invalid addresses.
Impersonates legitimate organizations, including healthcare providers
5. Slack used customer data to train AI models without permission
Slack, a cloud-based team communication platform, was caught using users' data and information to train its AI tools without explicit consent.
Why it matters: Slack was supposed to obtain consent from the users after telling them how their data would be used. Slack’s use of its customer data without obtaining consent violates users' data privacy rights.
Community links
- CMS final rule mandates minimum staffing standard for nursing homes.
- 560 million users' data exposed in Ticketmaster breach.
- Case against Hopkins doctors that shared PHI with Russia dismissed.
- HIPAA compliant newsletter tips and best practices.
- Combating phishing in healthcare.
- What is explicit consent?
- The impact of buffer overflow attacks against email.
- How credential stuffing influences healthcare.
- How to prevent an SQL injection.
- Learning to spot and avoid common health scams.
- The role of Health Information Organizations (HIOs) in PHI amendments.
- HIPAA and patient consent in emergency medical services (EMS).
Good reads from around the web
- Meet 24 startups advancing healthcare with AI.
- Ascension and Change Healthcare are not the news.
- Overcoming struggles to define algorithmic fairness in healthcare.
- Healthcare lags other sectors in cybersecurity.
- Congress shows concern for healthcare cyber attacks.