Healthcare Information Security

Health IT Security and HIPAA News

Many Healthcare Ransomware Attacks Impact Providers, Patients


When a covered entity is impacted by a healthcare ransomware attack, the recovery process is not always easy. Not only will daily operations likely be impacted, but patients could also feel the effects. Whether the ransomware caused patient records...

Improving Health Data Security with Payment Security Controls


Healthcare data encryption options are often touted as key ways for covered entities and business associates to strengthen their health data security. That includes payment security controls, which should be considered as part of a provider’s...

Top 4 Healthcare Data Breaches Stem from Hacking Incident


While 2016 is not yet complete, there have already been approximately 250 reported cases of potential healthcare data breaches affecting more than 500 individuals submitted to the Office for Civil Rights (OCR). The majority of these incidents...

Why Businesses Must Adhere to FTC Act and HIPAA Privacy Rule


Businesses that collect and share consumer health information need to not only be mindful of the HIPAA Privacy Rule, but must also adhere to the FTC Act. The Federal Trade Commission (FTC) released new guidance on key privacy and security considerations...

What is the Full Impact of a Healthcare Cybersecurity Attack?


Large-scale healthcare data breaches are not new to the healthcare industry, and healthcare cybersecurity attacks are becoming more intricate and difficult to predict. However, the initial attack is not always where the story ends for covered...

How User Training Affects Healthcare Ransomware Preparation


Covered entities and business associates have numerous areas to consider when it comes to preparing against potential healthcare ransomware threats. It is not enough to just install firewalls and anti-virus software. Organizations need to implement...

Is the Human Body the Cure for Mobile Data Security Concerns?


Using the human body to enable a physical layer of security could possibly eliminate certain mobile data security and medical device security concerns, according to recent research. University of Washington researchers explain in a paper that...

Potential CalOptima PHI Data Breach Affects 56K Members


The California health system CalOptima is reporting a potential PHI data breach stemming from an August 17, 2016 incident. This is the second data security incident CalOptima has reported in the last month. The most recent incident when “a...

EHNAC, HITRUST Combine HIPAA Security Criteria, CSF Framework


The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) are collaborating to streamline their accreditation and certification programs. EHNAC will replace its HIPAA-related privacy...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement


A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

Using Layered Security for Evolving Cybersecurity Threats


The healthcare industry possesses large amounts of sensitive information, yet is consistently vulnerable to the evolving cybersecurity threats. Refusing to adapt to the changing threat landscape, and work to implement a layered security approach...

Attorneys Find Healthcare Cybersecurity Threats Increasing


The majority of corporate healthcare attorneys have found that healthcare cybersecurity threats are increasing, and that they are being called upon more often to evaluate whether a security incident implicates reporting obligations. A survey...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement


While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

ONC, OCR Revise HIPAA Security Risk Assessment Tool


In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

OIG Report Finds CO Medicaid Data Security Controls Lacking


Colorado’s Medicaid data security may have increased risk due to vulnerabilities found in the Colorado Department of Health Care Policy and Financing (HCPF) information systems according to a recent investigation by the Office for Inspector...

Data Security Incident from Arkansas Break-in Affects 2K


Arkansas-based Baxter Regional Home Health Facility (Baxter Home Health) announced that certain patients and employees may have had some of their information exposed in a data security incident that took place in August 2016. Baxter Home Health...

Will CMS Improve Patient Data Security with SSNRI?


One aspect to the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 could affect patient data security measures, as it requires healthcare organizations to remove Social Security Numbers (SSNs) from all Medicare cards by April 2019....

Information Security Weaknesses in MN Health Insurance Exchange


Minnesota recently implemented security controls across its health insurance exchange (MNsure), but there are still information security weaknesses that could affect PII security, according to the Office of Inspector General (OIG). Improvements...

Considering Healthcare Data Privacy with Health Data Sharing


Information sharing is not without certain healthcare data privacy risks, but the potential rewards should be understood so individuals can make an educated choice when considering the trade off, according to Dr. Joseph Kvedar. In a recent blog...

Healthcare Ransomware Increasing, Education Sector Top Target


The rate of ransomware attacks has increased in the past year, with healthcare ransomware coming in third place, according to a recent survey by BitSight. The top targeted industry was education, followed by government. The Rising Face of Cyber...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks