Healthcare Information Security

Cybersecurity Best Practices

Most Healthcare Workers Admit to Non-Secure Healthcare Data Sharing

by Fred Donovan

Most healthcare workers surveyed admit to non-secure healthcare data sharing using email. A disturbing 87 percent of healthcare workers admit to using non-secure email to send sensitive information, including PHI, according to survey data...

Healthcare Providers Score High on Ransomware Attack Mitigation

by Fred Donovan

Researchers have found that healthcare providers are doing a good job of implementing recommendations in the ONC SAFER Guides’ contingency planning guide, which was updated last year to incorporate strategies for ransomware attack...

Navy, USAF Could Face HIPAA Violation Fines for Lax EHR Security

by Fred Donovan

The US Navy and US Air Force have poor security practices for their electronic health record (EHR) systems and could face millions of dollars in HIPAA violation fines if action is not taken to correct these problems, warned the Department...

Helping Struggling Hospitals Recover from Ransomware Attacks

by Fred Donovan

The biggest cybersecurity issue for hospitals is response and recovery from ransomware attacks, observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association and president/CEO of Texas...

Healthcare Industry Scores Low on Data Security Knowledge

by Fred Donovan

The healthcare industry is one of the worst when it comes to data security knowledge, according to data from Wombat Security’s learning management system. Customers in the healthcare industry answered 23 percent of IT security...

House Wants Advice on Easing Device Cybersecurity Vulnerabilities

by Fred Donovan

The House Energy and Commerce Committee wants public input on how to reduce cybersecurity vulnerabilities in legacy healthcare IT systems and medical devices. Citing the 2017 WannaCry ransomware attack that exploited a flaw in a 30-year...

Orangeworm Jeopardizes Healthcare Data Security at Large Firms

by Fred Donovan

A new cyber group called Orangeworm is undermining healthcare data security at large firms using malware known as Trojan.Kwampirs to gain remote access to compromised computers, warned security firm Symantec in a new report released April...

Cybersecurity Vulnerabilities Could Expose PHI in Heart Device

by Fred Donovan

Attackers with physical access to the Biosense Webster CARTO 3 version 4 (V4) heart imaging device could exploit cybersecurity vulnerabilities in the operating system to access protected health information (PHI) stored on the device,...

Reducing Cybersecurity Vulnerabilities Part of FDA Action Plan

by Fred Donovan

The Food and Drug Administration (FDA) is asking Congress for additional authority and funding to expand its efforts to improve medical device safety, including reducing cybersecurity vulnerabilities in devices, said FDA Commissioner Scott...

Applying Inogen Data Breach Lessons to Healthcare Providers

by Fred Donovan

The recent Inogen data breach, in which hackers were able to penetrate an employee’s email account, highlights the need for healthcare organizations to use multifactor authentication (MFA) to control access and to get...

NIST Unveils Latest Version of Its Popular Cybersecurity Framework

by Fred Donovan

The National Institute of Standards and Technology (NIST) recently released version 1.1 of its popular Cybersecurity Framework, which incorporates feedback received from public comments and workshops during 2016 and 2017. Version 1.1...

Survey Finds Lax Patching Practices Feed Healthcare Data Breaches

by Fred Donovan

Patching vulnerabilities in your systems and applications is one of the most important steps you can take to prevent a healthcare data breach at your organization. Yet, a majority of security professionals in the healthcare and...

Healthcare Pros Worry about Data Security at Other Organizations

by Fred Donovan

Many healthcare professionals are conflicted when it comes to data security. More than three-fourths of 122 healthcare professionals surveyed by security vendor Venafi at HIMSS18 are worried about healthcare data security, yet 68 percent...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Threat Intelligence Sharing Essential for Healthcare Cybersecurity

by Elizabeth Snell

The National Health Information Sharing and Analysis Center (NH-ISAC) constantly stresses the need for threat intelligence sharing in the healthcare sector, especially as cybersecurity threats grow increasingly...

Utilizing Holistic Cybersecurity Measures Against Evolving Threats

by Elizabeth Snell

It is essential for healthcare providers to evolve their cybersecurity program to stay ahead of evolving threats, utilizing holistic cybersecurity measures that focus on prevention, detection, and response. That was the focus of a HIMSS18...

Federal Cybersecurity Program Funding Urged in Letter to Congress

by Elizabeth Snell

The Department of Homeland Security’s (DHS) federal cybersecurity program will greatly benefit from increased funding in Fiscal Year 2019, according to a trio of lawmakers. Reps. John Ratcliffe (R-Texas), Jim Langevin (D-R.I.) and...

Improving Cybersecurity Response in Healthcare Organizations

by Elizabeth Snell

Organizations must have the right staff members in place who are properly trained, and also have appropriate technical tools to ensure that a proper cybersecurity response can occur following a data security incident. Healthcare entities...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...