Features

Rural Healthcare Cybersecurity Aid Grows, But Challenges Persist

HealthITSecurity: Healthcare cybersecurity is a challenge for providers, network defenders, and regulators across the US, as exemplified by the influx of data breach notifications reported to HHS this year alone. But protecting patients and hospitals from the damaging effects of a cyber incident is an even bigger obstacle in rural areas, where hospitals are smaller, have fewer resources, and are...


More Features

What is SEO Poisoning, How Can Healthcare Defend Against It?

It is reasonable to assume that the first few links that pop up as a result of an inquiry on a search engine are the most credible. In fact, thanks to search engine optimization (SEO), the first results often are the most reliable sources....

What the US Cyber Trust Mark Means for IoT Security in Healthcare

In July 2023, the Biden-Harris Administration announced the creation of the US Cyber Trust Mark, a cybersecurity labeling program for Internet of Things (IoT) devices to help consumers make informed purchases with security in mind. Proposed...

How the Health3PT Council Addresses Third-Party Risk Management Woes

Healthcare third-party risk management (TPRM) is broken, according to the Health 3rd Party Trust (Health3PT) Initiative and Council. The council members would know – each is a healthcare security leader who has seen firsthand the...

How Providers Can Defend Against AI-Assisted Cyberattacks

What once seemed like a far-fetched idea is now a reality — artificial intelligence (AI) is advancing steadily, enabling increased efficiency in a variety of sectors. Unfortunately, cyber threat actors can also leverage AI to...

How Did This Happen? Understanding the Issue of Third-Party Tracking Tech in Healthcare

In June 2022, journalists discovered that a third of Newsweek’s top 100 hospitals in America had the Meta Pixel installed on their websites, which allegedly sent a packet of data to Facebook whenever a visitor clicked a button to...

What is the Health Breach Notification Rule, Who Does It Apply To?

When faced with a data breach that compromises protected health information (PHI), HIPAA-covered entities must comply with the HIPAA Breach Notification Rule, which sets strict guidelines on when and how to notify patients of a breach. But...

Biggest Healthcare Data Breaches Reported This Year, So Far

Healthcare data breaches are continuing to impact the healthcare sector at alarming rates, even as healthcare organizations continue to adopt the latest security solutions to keep pace with the influx of new cyber threats. The healthcare...

Key Ways to Prepare For Revamped Medical Device Security Requirements

The Consolidated Appropriations Act of 2023 (Omnibus) was signed into law in December 2022, amending the Federal Food, Drug, and Cosmetic Act to include key medical device security provisions. The Omnibus signified major changes...

How FTC Enforcement Actions Will Impact Telehealth Data Privacy

The Federal Trade Commission (FTC) made its stance on health data privacy and security abundantly clear with two recent high-profile settlements against GoodRx and BetterHelp, setting the stage for future enforcement actions and heightened...

3 Best Practices For Maturing Healthcare Third-Party Risk Management

Third-party risk management (TPRM) remains a significant challenge for healthcare organizations of all sizes, as exemplified by the high volume of third-party data breaches reported to HHS in 2022. As healthcare organizations continue to...

How the HSCC is Bridging the Gap Between Cyber Haves and Have-Nots

Cybersecurity remains a key challenge for the healthcare sector, an industry inundated with ransomware, phishing attacks, third-party risk management struggles, and security staffing shortages. These obstacles are consistent across the...

Aligning Substance Abuse Confidentiality Regulations With HIPAA to Enhance Compliance

Since 1975, the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR part 2 (Part 2) have protected the confidentiality of individuals suffering from substance use disorder. These key protections aim to...

Outdated Operating Systems Remain Key Medical Device Security Challenge

Microsoft’s support of Windows 8.1 ended on January 10, meaning that the company will no longer provide software updates and technical assistance for that version of its operating system (OS). To reduce risk, Microsoft recommended...

Tackling Third-Party Risk Management (TPRM) Challenges In Healthcare

The majority of the top ten largest healthcare data breaches reported to HHS in 2022 stemmed from third-party vendors, signaling a need for better third-party risk management (TPRM) practices in the industry. However, healthcare...

How Sen. Warner Aims to Mitigate Healthcare Cybersecurity Risks Through Legislation

Since releasing his policy options paper in November, Senator Mark R. Warner (D-VA) has been collecting feedback from industry experts on healthcare cybersecurity challenges and how to tackle them through policy and legislation. As...

How An Independent Practice Recovered From a Third-Party Ransomware Attack

When Ed Bujold, MD, FAAFP, of Granite Falls Family Medical Care Center in North Carolina, found out in October 2021 that his practice had been impacted by a ransomware attack waged against its cloud vendor, he realized that he had three...

How Northwell Health Runs Its Cybersecurity Training and Awareness Program

When it comes to cybersecurity, costly technology and high-end tools can only get organizations so far. Implementing a robust and dynamic cybersecurity training and awareness program is crucial to reducing risk and establishing a culture of...

How to Properly Dispose of Electronic PHI Under HIPAA

Improper disposal of protected health information (PHI), whether a paper record or a digital file, can result in HIPAA violations and significant fees. For example, in 2020, the New Jersey Division of Consumer Affairs and the New Jersey...

How to Properly Dispose of Paper Medical Records, Physical PHI Under HIPAA

Improper disposal of protected health information (PHI) can result in HIPAA violations, Office for Civil Rights (OCR) investigations, and hefty fines. For example, in August 2022, OCR settled a case with a Massachusetts-based dermatology...