Premera Blue Cross agreed to pay HHS' Office for Civil Rights $6.85 million to settle potential violations related to a HIPAA breach that affected more than 10.4 million people.

Here are the healthcare provider malware, ransomware and phishing incidents Becker's Hospital Review reported on during September.

Danville, Pa.-based Geisinger launched a digital information hub to combat telephone scams and make it easier for patients and health plan members to protect personal information.

North Platte, Neb.-based Great Plains Health is unable to access its EHR due to a computer system outage at Omaha-based Nebraska Medicine, according to a report in The North Platte Telegraph.

A Community Hospital Systems' entity that provides business associate services to hospitals and clinics agreed to settle violations related to a potential HIPAA breach for $2.3 million.

Regional West Medical Center in Scottsbluff, Neb., had a computer network interruption on Sept. 22, according to the Star Herald.

Omaha-based Nebraska Medicine's computer system went down due to a security incident, according to a Live Well Nebraska report.

Michael Nowatkowski, PhD, associate professor at University of Augusta's computer and cyber sciences school in Georgia, specializes in reverse engineering medical devices to check their cybersecurity strength, according to a Sept. 18 Athens Banner-Herald report. 

The Office of Civil Rights agreed to settle systemic HIPAA noncompliance with a Georgia-based orthopedic practice stemming from a 2016 incident, according to a Sept. 21 announcement.

University of Missouri Health Care discovered an employee email phishing attack in May that exposed some patient information.

So far this year, healthcare organizations nationwide have reported to HHS a collective total of  about 13.7 million individuals being affected by data breaches.

A hospital in Dusseldorf, Germany, was hit by a ransomware attack on Sept. 10, which encrypted 30 hospital servers, according to a Business Insider report.

ONC has released an update to HHS' Security Risk Assessment tool, which helps providers ensure HIPAA compliance.

A former patient of St. Louis-based BJC HealthCare filed a class-action lawsuit against the health system over a cybersecurity incident, according to the lawsuit hosted on Bloomberg.

Another six health systems have been identified as being affected by the Blackbaud security breach.

Chattanooga, Tenn.-based Erlanger notified patients of a security breach after a third-party vendor misplaced backup CDs containing patient information.

The COVID-19 pandemic has forced many hospitals to shift employees to remote work and expand telehealth offerings. This has expanded the cybersecurity threat landscape. However, there are steps hospitals can take to ensure their information systems are protected amid shifting work environments.

The federal government settled five HIPAA violation investigations with healthcare providers for a total of $136,500.

More health systems have reported being part of the Blackbaud security breach that affected organizations worldwide.

Spectrum Health warned patients Sept. 14 of a new "vishing" scam where individuals pretend to be an employee of the Grand Rapids, Mich.-based health system and call patients to steal their protected health information.