Most US Consumers Worry about Electronic Health Records Breach
A full 80 percent of 1,000 US consumer surveyed by Unisys are concerned that hackers could access their electronic health records (EHRs) at their healthcare provider. Breaking that down, 14 percent are very concerned about an EHR breach,...FDA Takes Steps to Beef Up Medical Device Security Bona Fides
The FDA has taken some recent steps to beef up its bona fides in medical device security. First, it recently signed a memorandum of agreement with the Department of Homeland Security to implement a new framework for increased...MNIT Commissioner Faces Legislative Scrutiny Over Phishing Attacks
Minnesota IT Services (MNIT) Commissioner Johanna Clyborne faced criticism for the four-month delay in informing victims of two phishing attacks that exposed PHI and other personal information on 20,800 clients of the Minnesota Department...Health Data Breach on Healthcare.gov Portal Affects 75K People
Personal information of around 75,000 individuals is at risk from a health data breach that affected a Healthcare.gov portal for agents and brokers, CMS announced Oct. 19. The breached portal, called the Direct Enrollment pathway, allows...Mistakes, Not Hacks, Make Up Bulk of Medicaid Data Breaches
Most of the Medicaid data breaches that state agencies and their contractors reported in 2016 disclosed information about a single individual and often resulted from misdirected letters or faxes, according to a report released last week by...Sponsored by Insight
Developing a Successful, Sustainable Mobile Device Management Program for Healthcare
The proliferation of mobile devices in healthcare has led to an increase in the number of potential threat vectors that could expose sensitive health data. According to the Verizon Mobile Security Index 2018, healthcare organizations are...CISOs Need to Be Both Healthcare IT Security and Business Experts
CISOs need to be business experts as well as healthcare IT security experts, observed University of Chicago Medicine VP and CIO Heather Nelson during her Oct. 19 keynote address at the Safeguarding Health Information: Building Assurance...OCR Drafts NPRM on ‘Good Faith’ Patient Data Disclosure Rules
OCR is drafting a notice of proposed rulemaking (NPRM) on “good faith” disclosures of patient data by healthcare providers in patient emergencies, such as an opioid overdose. This disclosure could be done without the...NCCoE Unveils Vendor Partners for Medical Device Security Project
The NIST-backed National Cybersecurity Center of Excellence (NCCoE) unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems (PACS). The vendor...PHI on 37K at Risk in Gold Coast Health Plan Phishing Attack
California-based Gold Coast Health Plan (GCHP) reported to OCR Oct. 5 that a phishing attack exposed PHI on 37,005 individuals. In a Oct. 8 news release, GCHP said that attackers compromised an employee’s email account,...Healthcare Organizations Struggle with Vendor IT Security Risks
BOSTON – Healthcare organizations have a range of approaches for assessing and managing the IT security risks posed by third-party vendors, one of the biggest sources of frustration for security teams. St. Luke’s Health System...SRA Tool 3.0 Expands Application to More Health Data Security Risks
OCR and ONC have updated their security risk assessment (SRA) tool (3.0) to improve usability and expand its application to a broader range of health data security risks. The agencies developed the tool to help small to medium-sized...Risk Posed By 3rd-Party Services Is Big Healthcare Security Worry
BOSTON—Security risks posed by integration of third-party patient services will be an ongoing healthcare security concern for organizations, commented Johns Hopkins University and Medicine CISO Darren Lacey during a panel...Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records
Anthem has agreed to pay a record $16 million, almost three times the previous highest HIPAA penalty, and to take correct actions to settle HIPAA violations that exposed the ePHI of close to 79 million people, OCR announced Oct....Security Leaders Will Need to Protect Patient Privacy at Home
BOSTON – Healthcare security leaders need to think beyond protecting the organization to protecting patient privacy and data security at home in the coming years, observed Christiana Care Health System CISO Anahi Santiago. “At...FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers
The FDA has issued a medical device safety alert about cybersecurity vulnerabilities in Medtronic’s CareLink programmers that could enable an attacker to change the functionality of the programmer or the implanted pacemaker it...Sponsored by Insight