Healthcare Information Security

Health IT Security and HIPAA News

Potential CalOptima PHI Data Breach Affects 56K Members


The California health system CalOptima is reporting a potential PHI data breach stemming from an August 17, 2016 incident. This is the second data security incident CalOptima has reported in the last month. The most recent incident when “a...

EHNAC, HITRUST Combine HIPAA Security Criteria, CSF Framework


The Electronic Healthcare Network Accreditation Commission (EHNAC) and the Health Information Trust Alliance (HITRUST) are collaborating to streamline their accreditation and certification programs. EHNAC will replace its HIPAA-related privacy...

St. Joseph Health Agrees to $2.14M OCR HIPAA Settlement


A health care delivery system recently agreed to an OCR HIPAA settlement following reports that it had publicly accessible files containing ePHI from 2011 to 2012. St. Joseph Health (SJH) notified OCR on February 14, 2012 that certain files containing...

Using Layered Security for Evolving Cybersecurity Threats


The healthcare industry possesses large amounts of sensitive information, yet is consistently vulnerable to the evolving cybersecurity threats. Refusing to adapt to the changing threat landscape, and work to implement a layered security approach...

Attorneys Find Healthcare Cybersecurity Threats Increasing


The majority of corporate healthcare attorneys have found that healthcare cybersecurity threats are increasing, and that they are being called upon more often to evaluate whether a security incident implicates reporting obligations. A survey...

OCR ‘Laser Focused’ on HIPAA Violation Complaints, Enforcement


While 2015 and 2016 saw the Office for Civil Rights (OCR) enter into a record number of settlement agreements, most of its received complaints do not involve an alleged HIPAA violation, according to HHS Director Jocelyn Samuels. Healthcare technology...

ONC, OCR Revise HIPAA Security Risk Assessment Tool


In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk Assessment...

OIG Report Finds CO Medicaid Data Security Controls Lacking


Colorado’s Medicaid data security may have increased risk due to vulnerabilities found in the Colorado Department of Health Care Policy and Financing (HCPF) information systems according to a recent investigation by the Office for Inspector...

Data Security Incident from Arkansas Break-in Affects 2K


Arkansas-based Baxter Regional Home Health Facility (Baxter Home Health) announced that certain patients and employees may have had some of their information exposed in a data security incident that took place in August 2016. Baxter Home Health...

Will CMS Improve Patient Data Security with SSNRI?


One aspect to the Medicare Access and CHIP Reauthorization Act (MACRA) of 2015 could affect patient data security measures, as it requires healthcare organizations to remove Social Security Numbers (SSNs) from all Medicare cards by April 2019....

Information Security Weaknesses in MN Health Insurance Exchange


Minnesota recently implemented security controls across its health insurance exchange (MNsure), but there are still information security weaknesses that could affect PII security, according to the Office of Inspector General (OIG). Improvements...

Considering Healthcare Data Privacy with Health Data Sharing


Information sharing is not without certain healthcare data privacy risks, but the potential rewards should be understood so individuals can make an educated choice when considering the trade off, according to Dr. Joseph Kvedar. In a recent blog...

Healthcare Ransomware Increasing, Education Sector Top Target


The rate of ransomware attacks has increased in the past year, with healthcare ransomware coming in third place, according to a recent survey by BitSight. The top targeted industry was education, followed by government. The Rising Face of Cyber...

Are Business Associates Unprepared in Health Data Protection?


Two-thirds of business associates are not prepared for the evolving health data protection measures, specifically in relation to HITRUST standards, according to a recent KPMG survey. KPMG surveyed 604 industry professionals, and only 17.4 percent...

Reviewing File Transfer Protocol Healthcare Cybersecurity Risks


Preventing and detecting cryptocurrency mining malware are essential aspects to file transfer protocol (FTP) that covered entities and business associates need to consider when maintaining healthcare cybersecurity, the Office for Civil Rights...

How Patient Privacy is Affected by Patient Matching Proposal


Earlier this week, numerous healthcare organizations urged members of the House Committee on Appropriations to advance language in a legislative report that would assist in patient matching, which could potentially also affect patient privacy....

HHS Releases Updated HIPAA Cloud Computing Guidance


The Department of Health and Human Services (HHS) recently released updated HIPAA cloud computing guidance to help covered entities and business associates understand how to take advantage of cloud computing while still remaining HIPAA compliant....

Companies Lacking Confidence in Data Breach Preparedness


More organizations are implementing data breach preparedness plans, but a recent survey showed that those same companies are not entirely confident in their ability to recover from potential data security incidents. The fourth annual Is Your...

Central Ohio Urology Data Security Incident Affects 300K


Central Ohio Urology Group (COUG) reported that a data security incident may have exposed the information of patients, employees, and individuals who paid for medical services. An unauthorized individual reportedly posted files and documents...

Animas Warns of Potential Medical Device Cybersecurity Issue


Animas Corporation, a Johnson & Johnson company, recently disclosed to users of a certain type of insulin pump that potential medical device cybersecurity vulnerabilities were discovered in it. The Animas OneTouch Ping insulin pump could...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks