Healthcare Information Security

Cybersecurity Best Practices

OCR Settles with Cottage Health for $3M After 2 Patient Data Breaches

February 7, 2019 - California-based Cottage Health settled with the Department of Health and Human Services’ Office for Civil Rights for $3 million and the adoption of a corrective action plan, over two separate security incidents in 2013 and 2015 that breached the data of more than 62,500 patients. The first breach occurred in December 2013, when Cottage Health’s server was left accessible...


More Articles

HSCC Releases Joint Medical Device Security Lifecycle Guidance

by Jessica Davis

The Healthcare and Public Health Sector Coordinating Council (HSCC) released its medical device guidance on Monday, to help vendors, providers, and other stakeholders secure these devices throughout the product lifecycle. HCSS is a...

Improving Medical Device Security Beyond Patching, Traditional Tools

by Jessica Davis

Medical device security was thrust into the spotlight in 2018, as the Food and Drug Administration continued to bolster its cybersecurity program. In fact, an August MedCrypt report found that since the FDA released its cybersecurity...

Trojan Malware Tops Ransomware as Biggest Hacking Threat to Healthcare

by Jessica Davis

Trojan malware upended ransomware as the greatest hacking threat to the healthcare sector in 2018, according to a new report from Malwarebytes Labs. Specifically, Emotet and Trickbot hacking trojans were the most common malware strains,...

Feds Start Cybersecurity Campaign on Foreign Risks to Private Sector

by Jessica Davis

The National Counterintelligence and Security Center launched its Know Your Risk, Raise Your Shield campaign on Monday, to drive awareness around the increasing risk of foreign cyberattacks on the private sector. The cybersecurity...

Feds Warn Chinese Hackers Launching Targeted Cyberattacks

by Jessica Davis

The Department of Homeland Security Cybersecurity and Infrastructure and Security Agency recently alerted all sectors that Chinese hackers have been actively exploiting relationships between IT service providers and their customers. The...

HHS Releases Best Practice Healthcare Cybersecurity Guidelines

by Jessica Davis

The Department of Health and Human Services issued cybersecurity guidelines for the healthcare sector on Friday, focused on voluntary cybersecurity practices to reduce security risks and bolster cybersecurity programs across the...

User Authentication Most Common Cyber Risk for Hospitals, Health Systems

by Jessica Davis

User authentication deficiencies, endpoint leakage, and excessive user permissions are the three most common cyber risks facing health systems and hospitals, according to new data from Clearwater CyberIntelligence Institute. The...

AI, IoT, Medical Devices Top Health Cybersecurity Predictions for 2019

by Jessica Davis

Cybersecurity continued to be a struggle for many in the healthcare sector this year, with several massive breaches, successful targeted phishing campaigns, and security events caused by human error. While providers struggled with the...

Reduce Employee Email Risk by Taking Decisions Away from Users

by Jessica Davis

Employees and human error often top the list as the healthcare sector’s biggest threat. Considering they are the catalyst for clicking malicious links, engaging with targeted phishing campaigns and mistakenly sending emails to the...

How to Build a Balanced Healthcare Cybersecurity Budget

by Jessica Davis

The majority of healthcare security stakeholders agree that cybersecurity budgets are underfunded. And frankly, health organizations aren’t keeping pace with hackers who are continuously improving in sophistication. Data security...

NIST Seeks Comment on Remote Monitoring, Telehealth Cybersecurity

by Jessica Davis

The National Cybersecurity Center of Excellence at NIST is seeking industry feedback on a draft paper that outlines how to best secure remote monitoring devices and systems for telehealth providers. As many healthcare delivery...

Building a Secure Vendor Relationship with Inventory, Management

by Jessica Davis

The healthcare sector has been a primary target of hackers for more than a year, and the attacks continue to increase in sophistication. While many providers have adjusted their security posture in attempt to shore up some of these...

Hospital Leaders Feel Underprepared for Cybersecurity Threats

by Jessica Davis

About 75 percent of providers and 62 percent of administrators feel underprepared to face cybersecurity risks, due to staffing, training, and awareness, according to a new report from medical device manufacturer Abbott and the Chertoff...

VUMC Fights Healthcare Phishing with Multi-Factor Authentication

by Jessica Davis

The healthcare sector has remained a primary target for phishing attacks in recent years, with highly targeted viruses like SamSam and Ryuk wreaking havoc on the industry. In fact, one in every hundred emails sent globally has malicious...

OCR Recommends Healthcare Cybersecurity Best Practices

by Fred Donovan

As National Cybersecurity Awareness Month draws to a close, OCR is recommending healthcare cybersecurity best practices to prevent cyberattacks from succeeding and lessening their impact if they do succeed. “Because ePHI...

Only 29% of Healthcare Entities Have Full Cybersecurity Program

by Fred Donovan

Only 29 percent of healthcare organizations report having a comprehensive cybersecurity program in place, according to the 2018 CHIME HealthCare’s Most Wired survey released this week. Among those organizations that don’t have...

HHS Opens Healthcare Cybersecurity Center To Aid Private Sector

by Fred Donovan

HHS has opened its Health Sector Cybersecurity Coordination Center (HC3), which will be a healthcare cybersecurity threat analysis and incident response partner to the private sector. HC3 replaces the Healthcare Cybersecurity and...

Server Configuration Is Top Healthcare Software Vulnerability

by Fred Donovan

Server configuration is the top healthcare software vulnerability, followed by information leakage and cryptographic issues, according to Veracode’s State of Software Security (SOSS) study. Other top vulnerabilities for...

CISOs Need to Be Both Healthcare IT Security and Business Experts

by Fred Donovan

CISOs need to be business experts as well as healthcare IT security experts, observed University of Chicago Medicine VP and CIO Heather Nelson during her Oct. 19 keynote address at the Safeguarding Health Information: Building Assurance...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...