Healthcare Information Security

Health IT Security and HIPAA News

Allscripts Ransomware Attack Impacts Limited Number of Applications


An Allscripts ransomware attack was reported on January 18, 2018, with certain applications made inaccessible. An Allscripts user reported to HIStalk that InfoButton, regulatory reporting, clinical decision support, direct messaging, and Payerpath...

VA Patient Data Disclosure to HIEs Permitted in Proposed Rule


The Department of Veterans Affairs (VA) published a proposed rule that would amend its current regulations on allowing patient data disclosure to health information exchanges (HIEs). The updated rule would permit VA to release a patient’s...

HCCIC Releases Update on Spectre, Meltdown Cybersecurity Threats


The Healthcare Cybersecurity and Communications Integration Center (HCCIC) released an update on previously discovered Spectre and Meltdown vulnerabilities that could create healthcare cybersecurity threats for organizations. The National Health...

Onco360 Email Data Security Incident Impacts 53K Patients


Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email...

Amazon HIPAA Compliance Lead Search Indicates Healthcare Focus


An Amazon job posting for a HIPAA Compliance Lead potentially indicates that the technology company is looking to expand into the healthcare space. The individual hired for the healthcare privacy and security position will help Amazon in a “new...

CT Supreme Court Rules Patients Can Sue Over PHI Disclosure


There is a duty of confidentiality between a physician and patient, and patients have the right to sue should unauthorized PHI disclosure take place, according to the Connecticut Supreme Court. In Byrne v. Avery Center for Obstetrics & Gynecology,...

NC Data Breach Legislation Accounts for Ransomware Attacks


Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity Theft Protections...

Patient Data Unaffected in Hancock Health Ransomware Attack


Indiana-based Hancock Health experienced a ransomware attack on January 11, 2018, according to a statement posted on the organization’s website. Hancock recovered use of its computers and patient information was not adversely affected....

67% of CISOs Believe a Cybersecurity Attack Will Happen in 2018


CISOs are increasingly concerned about the likelihood of falling victim to a cybersecurity attack, with 67 percent reporting that they think their organization will face that type of data breach in 2018, according to a recent survey. Conducted...

Potential WV Health Data Breach from Laptop Theft Affects 43K


West Virginia-based Coplin Health Systems recently reported a possible health data breach after it discovered that a laptop potentially containing personal health information was stolen. The device was stolen from an employee’s automobile...

Kathryn Marchesini Named New ONC Chief Privacy Officer


The Office of the National Coordinator (ONC) announced through an internal email that Katheryn Marchesini, JD, had been appointed to the ONC Chief Privacy Officer position. National Coordinator Donald Rucker, MD explained that Marchesini is an...

20% of RNs Had Patient Data Breaches, Claim Response Confidence


There is potentially a disconnect between healthcare professionals’ confidence in preventing patient data breaches and actually being able to do so, according to recent research from the University of Phoenix. Twenty percent of registered...

Data Security Cited in ONC Health Data Exchange Framework Praise


ONC’s Trusted Exchange Framework and Common Agreement (TEFCA) draft has so far been met with industry support, with organizations lauding ONC in working to strengthen trust and support for nationwide interoperability while also considering...

Remaining Vigilant Against Increasing Healthcare Ransomware Threats


Healthcare ransomware attacks increased by 89 percent from 2016 to 2017, according to recent research from Cryptonite. Furthermore, one-quarter of all IT/hacking events reported to OCR in 2017 were attributed to ransomware incidents. Gathering...

Report Discusses How to Approach Botnets, Cybersecurity Threats


There must be greater resilience against botnets and other distributed, automated threats in an effort to properly combat evolving cybersecurity threats, according to a recent report from federal agencies. The Departments of Commerce and Homeland...

Secure Data Exchange Part of ONC Trusted Exchange Framework Draft


ONC issued a Trusted Exchange Framework and Common Agreement draft last week, which is part of the requirements under the 21st Century Cures Act. Ensuring secure data exchange is a key aspect to nationwide interoperability, along with building...

NH-ISAC Cybersecurity Warning Shows Importance of Regular Updates


The National Health Information Sharing and Analysis Center’s (NH-ISAC) Threat Intelligence Committee released a cybersecurity warning last week urging entities to be aware of two potential vulnerabilities. Researchers determined that...

AHIMA: Healthcare Data Privacy, Security Top HIM Topic for 2018


Potential cyberattacks and other cybersecurity threats will help keep healthcare data privacy and security main concerns going into 2018, according to recent AHIMA predictions. In total, AHIMA members listed eight key focus areas. Privacy and...

AHA Calls for Greater FDA Medical Device Security Oversight


The Food and Drug Administration (FDA) must focus on reducing regulatory burden on hospitals and health systems while also ensuring there is greater medical device security oversight, according to the American Hospital Association (AHA). AHA...

29K Impacted by SSM Health Data Breach from Unauthorized Access


St. Louis, Missouri-based SSM Health recently reported that it experienced a potential data breach after an employee accessed patient records without authorization. The access occurred between February 13, 2017 and October 20, 2017 when the employee...


SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
Data Breaches

Our privacy policy

no, thanks