Healthcare Information Security

Health IT Security and HIPAA News

Healthcare Data Breach Risk Higher in Larger Facilities

by

Having greater access to healthcare data, which is common in larger hospitals and teaching-focused facilities, can create a higher data breach risk, according to a recent study published by JAMA Internal Medicine. There is a “fundamental...

OCR Urges End-to-End Security, Verified HTTPS to Protect PHI

by

Implementing end-to-end connection security on internet transactions using Secure Hypertext Transport Protocol (HTTPS) can help healthcare organizations better protect PHI and even detect malware, according to OCR’s latest cybersecurity...

White House Finds HHS Strengthening Cybersecurity Measures

by

HHS has made great progress in working to improve its cybersecurity measures and overall approach to stronger cyber hygiene, according to a recent White House report. HHS has aligned its approach to cybersecurity with the Cybersecurity Act of...

GAO Finds Identity Theft Services Limited in Fraud Prevention

by

Identity theft services offer several benefits to organizations and individuals, but there are limitations in fraud prevention and other identity protection services, according to a recent Government Accountability Office (GAO) report. Medical...

Mobile Security Essential Healthcare Provider Priority

by

Healthcare providers continue to implement smart phones and tablets into their daily operations, which further underlines the need for current BYOD policies and a strong focus on mobile security. A recent HIMSS Analytics survey found that the...

Maintaining Health Data Privacy in Precision Medicine Push

by

As cybersecurity threats continue to evolve and put PHI at risk, precision medicine guidelines need to be updated to account for new health data privacy threats, according to a recent opinion piece published in the Oxford University Press. The...

2016 Record Data Breach Year, Attackers Less Healthcare-Focused

by

There were a record number of records compromised from data breaches in 2016, growing 566 percent in 2016 from 600 million to more than 4 billion, according to a recent IBM report. The 2017 IBM X-Force Threat Intelligence Index also found that...

Potential Ransomware Attack Encrypts Patient Data in KY

by

Kentucky-based Estill County Chiropractic (ECC) recently announced on its website that it had experienced a potential ransomware attack, where an unauthorized user installed malicious software that encrypted patient files. ECC said that it immediately...

Why Healthcare Network Security is a Critical Provider Tool

by

Covered entities are quickly implementing more technology into daily operations, which could potentially open the door for cyber criminals or even unauthorized insider access. Healthcare network security measures must be current and comprehensive,...

Urology Austin Ransomware Attack Possibly Affects 279K

by

Urology Austin recently announced on its website that it experienced a ransomware attack on January 22, 2017, which potentially exposed patient data that was stored on the compromised server. The OCR data breach reporting tool states that 279,663...

DHS Must Sustain Stronger Federal Cybersecurity Measures Push

by

The Department of Homeland Security (DHS) must continue to foster initiatives to improve federal cybersecurity measures, such as utilizing the National Cybersecurity Protection System (NCPS), according to the Government Accountability Office...

FBI Warns Orgs of PHI Security Risk in FTP Servers

by

Cyber criminals are targeting File Transfer Protocol (FTP) servers, which may compromise PHI security and PII security, according to a recent FBI warning. Citing research from the University of Michigan, the FBI explained that FTP servers were...

Roger Severino Appointed Office for Civil Rights Director

by

Roger Severino was recently appointed as the new OCR Director. At the time of publication, OCR had not yet released a statement on the move. Previously, Severino served as Director of the DeVos Center for Religion and Civil Society...

Preparing for an OCR HIPAA Risk Assessment Audit

by

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

Ransomware Attack Mitigation in Updated ONC SAFER Guide

by

Best practices for ransomware attack mitigation and prevention, along with general contingency planning, were recently discussed in updated SAFER Guides from the ONC. First published in January 2014, the SAFER Guides “provide an easy-to-use...

Administrative Safeguard Need Highlighted in PA Indictment

by

Healthcare organizations must ensure that they have comprehensive and regularly updated administrative safeguards, such as user authentication measures and proper access control. A failure to have these in place, or having outdated ones, could...

How Do HIPAA Regulations Apply to Wearable Devices?

by

Both covered entities and business associates should be well-aware of the OCR HIPAA audit program, especially as Phase 2 has been underway for several months now. However, as technology continues to evolve, there are also several areas that could...

Computer Virus Potentially Exposes PHI of 2.5K at OR Clinic

by

A technician at Lane Community College health clinic recently discovered a computer virus, which may have exposed the PHI of some patients, according to an online statement. The Oregon college health clinic stated the virus may have been sending...

Survey Finds Cloud Security, IoT Security Potentially Lacking

by

While the majority of organizations utilize advanced technology for sensitive data, including cloud, IoT, and big data, those same entities might not be implementing appropriate data security solutions, according to a recent survey. Lagging cloud...

3 Critical Steps for Managing Third-Party Access to Your EHR

by

Before a hospital grants any kind of network access to users from an outside organization, like a physician’s practice, it must determine to whom access is granted and for how long. It is a complex and essential process. This article will...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks