Features

3 ways to prepare for impending HIPAA Security Rule updates

HealthITSecurity In the decades since the HIPAA Security Rule was enacted, it has remained a crucial tool to covered entities and business associates as they navigate the multitude of cybersecurity risks that trouble the healthcare sector. HIPAA’s flexible and scalable nature allows covered entities to implement the technical, physical, and administrative safeguards that are reasonable for each...


More Features

What the LockBit ransomware gang’s return means for healthcare

Since its emergence four years ago, the LockBit ransomware gang has been ruthlessly targeting organizations across critical infrastructure at alarming rates. The group’s constant tactic modifications and vast network of affiliates...

Understanding the Impact of the Change Healthcare Cyberattack on Providers

Change Healthcare suffered a cyberattack on February 21st at the hands of the notorious BlackCat/ALPHV ransomware group, forcing it to take its systems offline. As the sector enters the second week of outages, operational disruptions and...

Healthcare Faces Uncertainty Amid Change Healthcare Cyberattack

UPDATE 2/29/2024 - BlackCat/ALPHV has claimed responsibility for the attack and denied using the ConnectWise vulnerabilities for initial access. Healthcare organizations everywhere are feeling the impact of the Change Healthcare...

Exploring the Health Industry Cybersecurity Practices (HICP) Publication, How to Use It

The “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” publication, known as “HICP” for short, is the product of healthcare industry leaders and government representatives coming...

How HHS Cybersecurity Performance Goals Will Impact Healthcare

HHS recently unveiled healthcare-specific cybersecurity performance goals (CPGs) with the intent of helping the sector prioritize the implementation of key security best practices. On their surface, the voluntary CPGs are straightforward,...

Exploring the Role of Identity and Access Management in Healthcare

Identity and access management (IAM) is a framework of processes, policies, and technologies that monitor digital identities, manage authentication controls, and grant employees and end users access to information that is relevant to their...

How the Executive Order on AI Will Impact Healthcare Cybersecurity

Artificial intelligence (AI) continues to become ingrained into our society, and the regulations and guidance that govern it are evolving to match. In October 2023, President Biden issued an Executive Order on the Safe, Secure, and...

Top Healthcare Cybersecurity Predictions For This Year

As the new year begins, the healthcare sector will undoubtedly continue to grapple with a significant volume of cybersecurity threats and challenges. The year 2023 saw record-breaking data breach figures, with more than 540 organizations...

This Year’s Largest Healthcare Data Breaches

Healthcare cybersecurity has garnered unprecedented attention from lawmakers and industry coalitions this year, signifying a step forward for the sector. However, reported data breach figures tell a different story, as cyberattacks continue...

What the 23andMe Data Breach Reveals About Credential Stuffing

Genetic testing company 23andMe notified 6.9 million individuals that their personal information was compromised in October 2023. However, 23andMe had no evidence that there was a data security incident within its systems. Instead, threat...

Understanding the Nuances of the Healthcare Cybersecurity Regulatory Landscape

Considering the complexity and magnitude of cyber threats facing the healthcare sector today, it stands to reason that the regulations that aim to protect patients and organizations from these threats must be equally intricate. These...

How the DIGIHEALS Project Is Tackling Cybersecurity Technology Gaps

Despite increased attention from lawmakers and a renewed focus on healthcare cybersecurity awareness, the healthcare sector remains a top target favored by threat actors around the world. In fact, more than 88 million individuals have been...

Communicating With a Patient’s Family Under the HIPAA Privacy Rule

When disclosing protected health information (PHI) to a provider at a HIPAA-covered entity, patients likely want to ensure that their information is not being shared with everyone in the hospital waiting room. But they may want to keep...

What is a Zero-Day Attack, How Can Healthcare Defend Against Them?

Defending against zero-day attacks is difficult – by nature, threat actors committing zero-day attacks are taking advantage of unknown or unpatched vulnerabilities. Understanding the nature of these attacks, as well as the threats...

How Digital Health Companies Navigate the Patchwork of State Data Privacy Laws

Navigating compliance with HIPAA, the Federal Trade Commission (FTC) Act, and other major statutes is a complex process for any organization. However, these laws apply nationwide, making it easier for organizations that operate in...

Navigating the SEC Cyber Incident Disclosure Rule, How It Impacts Healthcare

Under the Securities and Exchange Commission’s (SEC) final rule on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure, publicly traded companies now are required to disclose cyber incidents without delay....

How HHS Plans to Prioritize Healthcare Cybersecurity

HHS and its many agencies and offices serve a variety of roles within the healthcare sector, including several in cybersecurity. At the most recent HIMSS Healthcare Cybersecurity Forum, leaders from the Administration for Strategic...

Why Are Healthcare Data Breaches So Expensive?

Healthcare data breaches can have far-ranging impacts on operations, security, and even patient safety. And to add insult to injury, breaches are more than likely to affect a healthcare organization’s bottom line. Healthcare...

Rural Healthcare Cybersecurity Aid Grows, But Challenges Persist

Healthcare cybersecurity is a challenge for providers, network defenders, and regulators across the US, as exemplified by the influx of data breach notifications reported to HHS this year alone. But protecting patients and hospitals from...