Healthcare Information Security

HIPAA Administrative Safeguards

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

January 18, 2017 - The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the approximate $2.2 million settlement, in which it must also implement a corrective action plan. MAPFRE settled potential HIPAA violations that alleged...


More Articles

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

NIST Releases Updated Draft Version of Cybersecurity Framework

by Elizabeth Snell

The National Institute of Standards and Technology (NIST) recently released an updated draft version of its Cybersecurity Framework, with incorporated comments from the December 2015 Request for Information and comments from Cybersecurity Framework...

NIST Cybersecurity Guide Highlights Recovery, Restoration Plan

by Elizabeth Snell

Properly developing and implementing recovery plans, processes, and procedures will help organizations fully restore a system weakened during a cybersecurity event, the National Institute of Standards and Technology (NIST) explained in a recent...

Strong Cybersecurity Measures Need Security in IoT Devices

by Elizabeth Snell

The National Institute of Standards and Technology (NIST) recently published guidelines on how organizations can utilize cybersecurity measures for IoT devices, and underlined the importance of ensuring that security systems are built directly...

NIST Aims to Help Small Business Cybersecurity Measures Improve

by Elizabeth Snell

While some small businesses may assume that they are not primary targets for cyber criminals, the National Institute of Standards and Technology (NIST) wants to ensure that those organizations are able to implement the necessary cybersecurity...

OCR Newsletter Underlines Healthcare Authentication Importance

by Elizabeth Snell

One of the causes of healthcare data breaches over the past few years has been to weakened healthcare authentication measures, according to the Office for Civil Rights (OCR). As healthcare continues to be a top target for cyber attacks, organizations...

NIST Resource to Help Create Strong Cybersecurity Workforce

by Elizabeth Snell

An organization led by the National Institute of Standards and Technology (NIST) developed a new resource to ensure that organizations can “more effectively identify, recruit, develop and maintain its cybersecurity talent” and create...

Mobile Security Key Focus in Recent NIST Resources

by Elizabeth Snell

The National Institute of Standards and Technology (NIST) recently released two draft resources that highlight current mobile security threats and then provide guidance on how public and private organizations can best approach those threats....

Information Sharing Key in Improving Healthcare Cybersecurity

by Elizabeth Snell

Improving the outreach and information sharing on healthcare cybersecurity issues, along with having more educated and qualified cybersecurity personnel and health IT experts will be essential in strengthening the healthcare cybersecurity infrastructure,...

Medical Device Cybersecurity Key Focus in NIST Partnership

by Elizabeth Snell

A new risk assessment project designed for monitoring wireless IV medical infusion pumps hopes to further strengthen medical device cybersecurity across the healthcare industry. The National Institute of Standards and Technology’s (NIST)...

Protecting Against Unauthorized Healthcare Data Access

by Deepak Patel of Imperva

No healthcare organization wants to receive notification that there has been unauthorized healthcare data access at the company. Not only could this potentially expose patient information, but it could result in potential fines for the organization...

Will Privileged User Abuse Affect Healthcare Data Security?

by Elizabeth Snell

Employee access is a key aspect of healthcare data security, and healthcare organizations of all sizes need to ensure that their administrative safeguards account for the type of information employees view, use, or transfer. A recent Ponemon...

Unauthorized Access Affects 900K at Arizona Facility

by Elizabeth Snell

Arizona-based Valley Anesthesiology and Pain Consultants (VAPC) reported that it discovered unauthorized access on one of its computer systems, which potentially caused the information exposure of 882,590 patients. VAPC learned about the potential...

Utilizing Administrative Safeguards to Prevent Insider Threats

by Elizabeth Snell

Preventing healthcare insider threats needs to be a top priority for covered entities of all sizes, and with cybersecurity threats evolving each day, training methods must also remain current. Administrative safeguards, including user training...

NIST Urges End of SMS Messaging in Two-Factor Authentication

by Elizabeth Snell

Using SMS messaging in two-factor authentication has the risk that information may be intercepted or redirected, and other alternatives should instead be considered, according to a National Institute of Standards and Technology (NIST) draft guide....

Health Data Privacy Discussed in ONC Blockchain Proposal

by Elizabeth Snell

The Office of the National Coordinator for Health Information Technology (ONC) and the National Institute of Standards and Technology (NIST) submitted an “Ideation Challenge” proposal for the potential benefits of blockchain technology...

How Insider Threats May Affect Healthcare Data Security

by Elizabeth Snell

Malware attacks are becoming an increasingly major threat to covered entities, but if a recent report is any indication, insider threats could also lead to healthcare data security compromises. More than 200 C-level security executives and IT...

NIST Cybersecurity Framework Updates, Clarification Underway

by Elizabeth Snell

The NIST Cybersecurity Framework will receive a minor update, which will include updating the informative references, clarifying guidance for implementation tiers, and placement of cyber threat intelligence in the core, according to a recent...

Improper Employee Access Creates Potential Health Data Breach

by Jacqueline Belliveau

ProMedica, a healthcare organization in Ohio, has investigated a potential healthcare data breach after discovering several employees had inappropriately accessed the private medical records for patients they were not directly treating. According...

Hackers Cause Possible Healthcare Data Breach for 40K Patients

by Jacqueline Belliveau

A Connecticut-based podiatry group is facing a possible healthcare data breach that has impacted approximately 40,491 individuals after hackers accessed network services, according to the Office of Civil Rights data breach report. An outside...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks