HHS

HHS offers resource guide to providers impacted by Change Healthcare cyberattack

March 27, 2024 - Healthcare providers nationwide are continuing to face financial and operational challenges in the aftermath of the Change Healthcare cyberattack, which began more than one month ago. In Massachusetts, hospitals were losing upwards of $24 million per day as of late March, the Massachusetts Hospital Association reported. The American Hospital...


More Articles

3 ways to prepare for impending HIPAA Security Rule updates

by Jill McKeon

In the decades since the HIPAA Security Rule was enacted, it has remained a crucial tool to covered entities and business associates as they navigate the multitude of cybersecurity risks that trouble the healthcare sector. HIPAA’s...

HHS Releases Statement on Change Healthcare Cyberattack

by Jill McKeon

HHS released a statement regarding the Change Healthcare cyberattack and shed light on immediate steps that CMS is taking to assist providers during this time. The announcement follows multiple...

MGMA Urges HHS to Financially Assist Medical Groups Amid Change Cyberattack

by Jill McKeon

The Medical Group Management Association (MGMA) urged HHS to use “all the tools at its disposal” to mitigate the impacts of the Change Healthcare cyberattack on medical groups in a letter...

Exploring the Health Industry Cybersecurity Practices (HICP) Publication, How to Use It

by Jill McKeon

The “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” publication, known as “HICP” for short, is the product of healthcare industry leaders and government representatives coming...

HHS Delivers Reports to Congress on HIPAA Compliance, Enforcement

by Jill McKeon

The HHS Office for Civil Rights (OCR) delivered two reports to Congress on HIPAA compliance and enforcement efforts logged by the department during the 2022 calendar year. HHS is required to...

HHS Settles Ransomware Investigation With Behavioral Health Provider

by Jill McKeon

Green Ridge Behavioral Health agreed to pay $40,000 and implement corrective actions to resolve a ransomware investigation conducted by the HHS Office for Civil Rights (OCR). This marks the second-ever...

HHS, NIST Finalize Joint HIPAA Security Rule Guidance

by Jill McKeon

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) published the final version of Special Publication (SP) 800-66 Revision 2, aimed at helping covered...

GAO Urges HHS to Increase Oversight of Ransomware Practices

by Jill McKeon

The US Government Accountability Office (GAO) issued recommendations to HHS surrounding its oversight of ransomware practices across the sector in a recent report. The report assessed four federal...

New Legislation Aims to Strengthen Healthcare Cybersecurity Within HHS

by Jill McKeon

US Senators Angus King (I-ME) and Marco Rubio (R-FL) introduced the Strengthening Cybersecurity in Health Care Act, aimed at bolstering cybersecurity efforts within HHS. Specifically, the act would...

HHS Finalizes Changes to Substance Use Confidentiality Regulations

by Jill McKeon

HHS, via the Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA), announced its finalized changes to the Confidentiality of Substance Use...

OCR Reaches $4.75M Settlement With NY Health System

by Jill McKeon

UPDATE 2/7/2024 - This article has been updated to include a statement from a Montefiore Medical Center spokesperson. The HHS Office for Civil Rights (OCR) announced a $4.75 million settlement with...

How HHS Cybersecurity Performance Goals Will Impact Healthcare

by Jill McKeon

HHS recently unveiled healthcare-specific cybersecurity performance goals (CPGs) with the intent of helping the sector prioritize the implementation of key security best practices. On their surface, the voluntary CPGs are straightforward,...

HHS Unveils Healthcare Cybersecurity Performance Goals

by Jill McKeon

HHS has released sector-specific cybersecurity performance goals (CPGs) to help the sector prioritize key security actions and reduce risk. The voluntary CPGs consist of “essential” and...

Lawmakers Push For Increased Patient Privacy Regarding Prescription Records

by Jill McKeon

Lawmakers have urged HHS to consider revising HIPAA to further protect patient privacy after observing routine disclosures of patient information from major pharmacy chains to law enforcement agencies...

AHA Raises Concerns Over HHS Cybersecurity Strategy

by Jill McKeon

The American Hospital Association (AHA) expressed dissatisfaction with parts of HHS’ recently released healthcare cybersecurity strategy, which was unveiled in early December. Specifically, the...

HHS Settles First Phishing Attack Investigation With Louisiana Medical Group

by Jill McKeon

HHS reached its first-ever phishing attack settlement with Lafourche Medical Group, a Louisiana-based medical group that specializes in emergency medicine, lab testing, and occupational medicine....

HHS Unveils Healthcare Cybersecurity Strategy

by Jill McKeon

HHS released a concept paper outlining the department’s long-awaited healthcare cybersecurity strategy and establishing goals for improving the sector’s cybersecurity posture. The...

HHS Settles HIPAA Investigation With St. Joseph’s Over PHI Disclosure to Media

by Jill McKeon

The HHS Office for Civil Rights (OCR) completed a HIPAA investigation into New York-based Saint Joseph’s Medical Center following claims that the organization had impermissibly disclosed COVID-19...

How the DIGIHEALS Project Is Tackling Cybersecurity Technology Gaps

by Jill McKeon

Despite increased attention from lawmakers and a renewed focus on healthcare cybersecurity awareness, the healthcare sector remains a top target favored by threat actors around the world. In fact, more than 88 million individuals have been...