Healthcare Information Security

Health IT Security and HIPAA News

Boston Hospitals Cough Up $1M for ‘Boston Trauma’ HIPAA Violations

by

OCR announced Sept. 20 that it has fined three Boston-area hospitals close to $1 million for HIPAA violations involving the filming of ABC’s TV series “Save My Life: Boston Trauma.”* OCR reached HIPAA settlements with...

Independence Blue Cross Admits to Healthcare Data Breach

by

Philadelphia-based Independence Blue Cross (IBC) announced Sept. 17 that PHI was uploaded by an employee to a website that was publicly accessible between April 23 and July 20, 2018. KYW news radio reported that around 17,000 IBC...

Europol Warns Nation-States Behind More Ransomware Attacks

by

The European law enforcement agency Europol is warning that nation-states are increasingly behind ransomware attacks, such as the 2017 WannaCry campaign. The WannaCry ransomware targeted medical devices and...

CMS Needs To Beef Up Risk Management for Medicare Database

by

The Centers for Medicare and Medicaid Services (CMS) needs to improve its risk management oversight and security controls to ensure the availability of the Medicare enrollment database (EDB), concluded an HHS Office of Inspector General...

Healthcare Workers Uninformed About Cybersecurity Best Practices

by

Forty percent of healthcare workers would allow a colleague to use their work computer, displaying a disturbing lack of knowledge about cybersecurity best practices. Surprisingly, healthcare workers performed better than government...

Healthcare Lags Other Industries in Phishing Attack Resiliency Rate

by

Healthcare trails other major industries in its phishing attack resiliency rate, which measures the ratio between people who report a phish versus those who fall victim to one, according to a report released Sept. 17 by Cofense. The...

Vendor Blamed for Health Data Breach Exposing 1,500 BCBSRI Members

by

Blue Cross and Blue Shield of Rhode Island (BCBSRI) said that a health data breach of PHI affecting 1,567 people was caused by a vendor responsible for sending benefits explanations to members, the Providence Journal reported. The...

CMS Finds Minnesota Hospital Violated Patient Privacy Rights

by

Minnesota-based Fairview Southdale Hospital violated patient privacy rights by taping patients without their knowledge or consent during psychiatric evaluations in the emergency room, a CMS investigation concluded. The CMS...

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

Reliable Respiratory Says Phishing Attack Affected 21K Individuals

by

Massachusetts-based medical equipment supplier Reliable Respiratory reported to OCR on Sept. 1 that a phishing attack exposed PHI on 21,311 individuals. In a notice on its website, Reliable Respiratory said that on July 3 it discovered a...

Bill Would Exempt HIPAA Covered Entities from California Privacy Law

by

The California legislature has passed amendments to the sweeping California Consumer Privacy Act that would, among other changes, exempt HIPAA covered entities and business associates from the state law’s requirements. It would also...

OIG Backs FDA Process Changes To Boost Medical Device Security

by

To improve medical device security, the HHS Office of the Inspector General (OIG) is recommending that the FDA better integrate cybersecurity criteria into its premarket review process for medical devices. In a report released Sept. 10,...

Arc of Erie County Hit With $200K Fine for HIPAA Violation

by

The New York Attorney General has levied a $200,000 fine on Arc of Erie County for a HIPAA violation that exposed ePHI on 3,751 clients. The Buffalo-based nonprofit, which provides services to people with developmental disabilities,...

Smart Wristband Raises Health Data Security, Privacy Concerns

by

Rutgers University researchers have created a new smart wristband with a biosensor that can count particles in the user’s blood and transmit that data via Bluetooth to a nearby smartphone. While this technology could have a major...

New PCORI Policy Has Data Rules In Line with HIPAA Regulations

by

A new data sharing policy adopted by the Patient-Centered Outcomes Research Institute (PCORI) stipulates that all personally identifiable health information must be deidentified in accordance with HIPAA regulations. On Sept. 7, the PCORI...

Consumers Have Most Confidence In Physician’s Health Data Security

by

A full 87 percent of consumers surveyed by Rock Health said that they had confidence in the health data security of their physician, but that number dropped to 68 percent for pharmacies and 60 percent for health insurance...

FDA Expects Updated Medical Device Security Guidance This Fall

by

The FDA plans to update its premarket guidance for medical device security this fall, said FDA Commissioner Scott Gottlieb during a Sept. 5 speech to the Medical Device Innovation Consortium 2018 Annual Public Forum. The guidance will...

Healthcare Data Presents Lucrative Target for Cyberattackers

by

The healthcare sector will remain one of the most targeted industries by cyberattackers because of its valuable healthcare data, judged a report published Sept. 6 by Marsh & McLennan Companies' Global Risk Center. In fact, more...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...