Healthcare Information Security

Health IT Security and HIPAA News

NCCoE Unveils Vendor Partners for Medical Device Security Project

by

The NIST-backed National Cybersecurity Center of Excellence (NCCoE) unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems (PACS). The vendor...

PHI on 37K at Risk in Gold Coast Health Plan Phishing Attack

by

California-based Gold Coast Health Plan (GCHP) reported to OCR Oct. 5 that a phishing attack exposed PHI on 37,005 individuals. In a Oct. 8 news release, GCHP said that attackers compromised an employee’s email account,...

Healthcare Organizations Struggle with Vendor IT Security Risks

by

BOSTON – Healthcare organizations have a range of approaches for assessing and managing the IT security risks posed by third-party vendors, one of the biggest sources of frustration for security teams. St. Luke’s Health System...

SRA Tool 3.0 Expands Application to More Health Data Security Risks

by

OCR and ONC have updated their security risk assessment (SRA) tool (3.0) to improve usability and expand its application to a broader range of health data security risks. The agencies developed the tool to help small to medium-sized...

Risk Posed By 3rd-Party Services Is Big Healthcare Security Worry

by

BOSTON—Security risks posed by integration of third-party patient services will be an ongoing healthcare security concern for organizations, commented Johns Hopkins University and Medicine CISO Darren Lacey during a panel...

Anthem to Pay Record $16M for HIPAA Violations Exposing 79M Records

by

Anthem has agreed to pay a record $16 million, almost three times the previous highest HIPAA penalty, and to take correct actions to settle HIPAA violations that exposed the ePHI of close to 79 million people, OCR announced Oct....

Security Leaders Will Need to Protect Patient Privacy at Home

by

BOSTON – Healthcare security leaders need to think beyond protecting the organization to protecting patient privacy and data security at home in the coming years, observed Christiana Care Health System CISO Anahi Santiago. “At...

FDA Warns of Cybersecurity Vulnerabilities in CareLink Programmers

by

The FDA has issued a medical device safety alert about cybersecurity vulnerabilities in Medtronic’s CareLink programmers that could enable an attacker to change the functionality of the programmer or the implanted pacemaker it...

Azar Issues 2nd HIPAA Privacy Rule Waiver in As Many Months

by

As in the case of Hurricane Florence, HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions for areas impacted by Hurricane Michael. The waiver is intended to enable greater information...

Aetna Reaches Settlements with State AGs Over HIPAA Violations

by

Health insurer Aetna has reached settlements with a number of state attorney generals over HIPAA violations resulting from mailings to HIV/AIDS and cardiac patients, the New Jersey attorney general announced Oct. 10. The three states and...

‘Payment Notification’ Is Top Healthcare Phishing Attack Subject

by

The term “Payment Notification” is the top healthcare phishing attack subject, appearing in 58 percent of healthcare phishing attack campaigns in 2018, according to the latest data from Cofense. Other popular subjects in...

Michigan Medicine Reports 2nd Healthcare Data Breach This Year

by

The University of Michigan’s Michigan Medicine reported to OCR on Sept. 28 that there was an unauthorized access/disclosure of paper records that affected 3,624 individuals. In a press release, Michigan Medicine said that there was...

Woman Charges WV Firm With Violating Her Patient Privacy Rights

by

Elizabeth Fry, a resident of Logan County, West Virginia, has filed a state lawsuit in Kanasha Circuit Court charging that Charleston-based Molina Information Systems violated her patient privacy rights by providing third party access to...

OIG Forms Team to Protect HHS, Boost Cybersecurity Best Practices

by

The HHS OIG has formed a multidisciplinary cybersecurity team composed of auditors, evaluators, investigators, and attorneys from various HHS agencies to help protect department data and systems and foster cybersecurity best practices...

Same Cybersecurity Vulnerability Uncovered in Different Devices

by

Security researcher Dan Regalado at Zingbox uncovered the same cybersecurity vulnerability — information exposure through an error message — in two medical devices made by different manufacturers. Regalado then notified the...

Hospitals Fail at HIPAA Compliance Re Medical Records Requests

by

Many hospitals failed at HIPAA compliance in response to simulated patients’ requests for medical records, according to a study by Yale researchers published in the JAMA Network Open. The researchers surveyed 83 top-ranked US...

California Court Denies Motion to Dismiss Health Data Breach Suit

by

The California Superior Court has denied a motion to dismiss a class action lawsuit against A.J. Boggs & Company for a health data breach that exposed confidential medical records of 93 individuals with HIV, Lambda Legal, who is...

Healthcare IT Execs Lack Confidence in Medical Device Security

by

More than 60 percent of healthcare IT executives lack confidence that their current medical device security strategy protects patient safety and prevents disruptions in care. The survey found that only 39 percent of respondents were...

Healthcare Data Security Threatened by APTs Targeting MSPs

by

Advanced persistent threats (APTs) are targeting managed service providers’ networks, endangering healthcare data security and data security in other US critical infrastructure sectors, warned the National Cybersecurity and...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...