Healthcare Information Security

Cybersecurity Best Practices

Software Patching Integral to PHI Data Security, HIPAA Compliance

July 3, 2018 - Healthcare organizations and vendors are responsible for identifying and mitigating the risks unpatched software poses to ePHI as part of their HIPAA compliance, OCR advised in its June Cybersecurity Newsletter. As part of their risk analysis requirement under the HIPAA Security Rule, covered entities and business associates are required to implement measures to reduce risks and vulnerabilities...


More Articles

Top 10 Cybersecurity Best Practices for Healthcare CISOs

by Fred Donovan

Faced with an onslaught of threats these days, healthcare chief information security officers (CISOs) need to take a deep breath and focus on cybersecurity best practices. The number and frequency of these threats—ransomware, cryptocurrency...

Siemens Flags Cybersecurity Vulnerabilities in RAPID Blood-Gas Analyzers

by Fred Donovan

Siemens Healthineers is warning about two cybersecurity vulnerabilities affecting its RAPID blood-gas analyzers that could enable attackers to compromise the confidentiality, integrity, and availability of the devices. The vulnerabilities...

Congress Turns Up Heat on HHS About Cybersecurity Threat Report

by Fred Donovan

Congress is taking HHS to task about problems with the department’s cybersecurity threat report required by the Cybersecurity Information Sharing Act of 2015. The HHS Cyber Threat Preparedness Report (CTPR) “omitted or lacked sufficient...

Older Healthcare OSes Open to Cybersecurity Vulnerabilities

by Fred Donovan

The healthcare industry is the slowest industry in upgrading to Windows 10, meaning that many in healthcare are running older versions of Windows more susceptible to cybersecurity vulnerabilities, according to the latest data from Duo Security....

HITRUST Unveils Certification for NIST Cybersecurity Framework

by Fred Donovan

The Health Information Trust Alliance (HITRUST) launched May 22 a certification program for the NIST Cybersecurity Framework (CSF) that makes it easier for security teams to report on their implementation of the framework to upper management,...

Most Healthcare Workers Admit to Non-Secure Healthcare Data Sharing

by Fred Donovan

Most healthcare workers surveyed admit to non-secure healthcare data sharing using email. A disturbing 87 percent of healthcare workers admit to using non-secure email to send sensitive information, including PHI, according to survey data provided...

Healthcare Providers Score High on Ransomware Attack Mitigation

by Fred Donovan

Researchers have found that healthcare providers are doing a good job of implementing recommendations in the ONC SAFER Guides’ contingency planning guide, which was updated last year to incorporate strategies for ransomware attack mitigation....

Navy, USAF Could Face HIPAA Violation Fines for Lax EHR Security

by Fred Donovan

The US Navy and US Air Force have poor security practices for their electronic health record (EHR) systems and could face millions of dollars in HIPAA violation fines if action is not taken to correct these problems, warned the Department of...

Helping Struggling Hospitals Recover from Ransomware Attacks

by Fred Donovan

The biggest cybersecurity issue for hospitals is response and recovery from ransomware attacks, observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association and president/CEO of Texas Hospital...

Healthcare Industry Scores Low on Data Security Knowledge

by Fred Donovan

The healthcare industry is one of the worst when it comes to data security knowledge, according to data from Wombat Security’s learning management system. Customers in the healthcare industry answered 23 percent of IT security best...

House Wants Advice on Easing Device Cybersecurity Vulnerabilities

by Fred Donovan

The House Energy and Commerce Committee wants public input on how to reduce cybersecurity vulnerabilities in legacy healthcare IT systems and medical devices. Citing the 2017 WannaCry ransomware attack that exploited a flaw in a 30-year software...

Orangeworm Jeopardizes Healthcare Data Security at Large Firms

by Fred Donovan

A new cyber group called Orangeworm is undermining healthcare data security at large firms using malware known as Trojan.Kwampirs to gain remote access to compromised computers, warned security firm Symantec in a new report released April 23....

Cybersecurity Vulnerabilities Could Expose PHI in Heart Device

by Fred Donovan

Attackers with physical access to the Biosense Webster CARTO 3 version 4 (V4) heart imaging device could exploit cybersecurity vulnerabilities in the operating system to access protected health information (PHI) stored on the device, warned the...

Applying Inogen Data Breach Lessons to Healthcare Providers

by Fred Donovan

The recent Inogen data breach, in which hackers were able to penetrate an employee’s email account, highlights the need for healthcare organizations to use multifactor authentication (MFA) to control access and to get robust cyber...

NIST Unveils Latest Version of Its Popular Cybersecurity Framework

by Fred Donovan

The National Institute of Standards and Technology (NIST) recently released version 1.1 of its popular Cybersecurity Framework, which incorporates feedback received from public comments and workshops during 2016 and 2017. Version 1.1 of...

Survey Finds Lax Patching Practices Feed Healthcare Data Breaches

by Fred Donovan

Patching vulnerabilities in your systems and applications is one of the most important steps you can take to prevent a healthcare data breach at your organization. Yet, a majority of security professionals in the healthcare and pharmaceutical...

Healthcare Pros Worry about Data Security at Other Organizations

by Fred Donovan

Many healthcare professionals are conflicted when it comes to data security. More than three-fourths of 122 healthcare professionals surveyed by security vendor Venafi at HIMSS18 are worried about healthcare data security, yet 68 percent believe...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better able to...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which should...
