Healthcare Information Security

Data Breach Response Plan

The Hits and Misses of HHS Healthcare Cybersecurity Guidelines

January 30, 2019 - The Department of Health and Human Services released a four-volume set of cybersecurity guidelines for the healthcare sector last month, which was applauded by many for its extensive breakdown of both risks and mitigations. Drafted in partnership with over 150 cybersecurity healthcare and cybersecurity leaders, the guide effectively breaks down cybersecurity needs by organization size...


More Articles

Healthcare Cyberattacks Cost $1.4 Million on Average in Recovery

by Jessica Davis

The average healthcare organization spent $1.4 million to recover from a cyberattack, according to a recent report from Radware. The number is slightly lower than other industries, which spent $1.67 million. The Radware 2018-2019 Global...

Zero-Day Virus Forces EHR Downtime at 21 Health Science North Hospitals

by Jessica Davis

The computer system of Sudbury, Ontario-based Health Sciences North was infected by a zero-day virus, driving officials to shut down its EHR to contain the infection, according to local news outlet CBC Radio-Canada. Staff at the Sudbury...

Malware Attack Hits University of Maryland Medical System

by Jessica Davis

The University of Maryland Medical System was hit by a malware attack early Sunday morning, disrupting some IT system functions. According to officials, an outside source attempted to infiltrate the IT systems with a malware virus around...

Judge Gives Final OK to $115M Anthem Data Breach Settlement

by Fred Donovan

US District Judge Lucy Koh has given final approval to a $115 million settlement that ends further claims against Anthem over its 2015 data breach that exposed personal information on 79 million people. Potentially exposed data included...

Alabama Last US State to Enact Data Breach Notification Law

by Fred Donovan

Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect...

Healthcare Pros Worry about Data Security at Other Organizations

by Fred Donovan

Many healthcare professionals are conflicted when it comes to data security. More than three-fourths of 122 healthcare professionals surveyed by security vendor Venafi at HIMSS18 are worried about healthcare data security, yet 68 percent...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains...

Utilizing Holistic Cybersecurity Measures Against Evolving Threats

by Elizabeth Snell

It is essential for healthcare providers to evolve their cybersecurity program to stay ahead of evolving threats, utilizing holistic cybersecurity measures that focus on prevention, detection, and response. That was the focus of a HIMSS18...

Improving Cybersecurity Response in Healthcare Organizations

by Elizabeth Snell

Organizations must have the right staff members in place who are properly trained, and also have appropriate technical tools to ensure that a proper cybersecurity response can occur following a data security incident. Healthcare entities...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a...

How Much Do Healthcare Data Breaches Cost Organizations?

by Elizabeth Snell

Healthcare data breaches can be devastating for any covered entity, but the subsequent recovery costs are often quite expensive. Implementing technological tools to aid in prevention and detection measures are not cheap, but not taking...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information...

Why Providers Need a Disaster Recovery Plan for EHR Security

by Elizabeth Snell

Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (i.e., ransomware attacks, insider data breaches) having a disaster recovery plan is essential. Entities...

Allscripts Ransomware Attack Impacts Limited Number of Applications

by Elizabeth Snell

UPDATE: An Allscripts spokesperson emailed an additional update to HealthITSecurity.com on January 26, 2018 about the ransomware attack.  An Allscripts ransomware attack was reported on January 18, 2018, with certain applications...

NC Data Breach Legislation Accounts for Ransomware Attacks

by Elizabeth Snell

Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity...

Are Orgs Filling Necessary Healthcare Cybersecurity Roles?

by Elizabeth Snell

Without the right healthcare cybersecurity roles being filled at covered entities, it can be more difficult for organizations to ensure that sensitive data remains secure. Along with CISOs, privacy officers, and compliance officers,...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...