Healthcare Information Security

Data Breach Response Plan

Alabama Last US State to Enact Data Breach Notification Law

April 4, 2018 - Alabama Governor Kay Ivey has inked a data breach notification law that requires organizations and agencies to notify data breach victims within 45 days, becoming the last US state to enact such a statute. The law, which takes effect May 1, includes medical and health insurance information in the definition of “personally identifying information” subject to notification. In...


More Articles

Healthcare Pros Worry about Data Security at Other Organizations

by Fred Donovan

Many healthcare professionals are conflicted when it comes to data security. More than three-fourths of 122 healthcare professionals surveyed by security vendor Venafi at HIMSS18 are worried about healthcare data security, yet 68 percent believe...

South Dakota is 49th State to Pass Data Breach Notification Law

by Elizabeth Snell

South Dakota became the 49th state to have a data breach notification law when Governor Dennis Daugaard signed SB 62 into law on March 21, 2018. The bill includes health information in its definition of personal information as well, which should...

Attorneys General Stress Need for State Data Breach Laws

by Elizabeth Snell

It would be greatly detrimental to have federal regulations that preempt state data security and state data breach laws, according to a group of 32 attorneys general, led by Illinois Attorney General Lisa Madigan. The letter explains concerns...

Utilizing Holistic Cybersecurity Measures Against Evolving Threats

by Elizabeth Snell

It is essential for healthcare providers to evolve their cybersecurity program to stay ahead of evolving threats, utilizing holistic cybersecurity measures that focus on prevention, detection, and response. That was the focus of a HIMSS18 education...

Improving Cybersecurity Response in Healthcare Organizations

by Elizabeth Snell

Organizations must have the right staff members in place who are properly trained, and also have appropriate technical tools to ensure that a proper cybersecurity response can occur following a data security incident. Healthcare entities in particular...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The Alabama...

70K Notified in Tufts Health Plan Data Breach in Vendor Error

by Elizabeth Snell

A vendor that handles the mailing of member identification (ID) cards reportedly sent out envelopes with patient information visible in the mailing window, which created a Tufts Health Plan data breach. Tufts Medicare Preferred ID cards were...

MA Data Breach Reporting Tool Aids in Notification Process

by Elizabeth Snell

Massachusetts businesses and organizations that need to complete the data breach notification process will now be able to do so through an online data breach reporting tool. Massachusetts Attorney General Maura Healey explained in a statement...

How Much Do Healthcare Data Breaches Cost Organizations?

by Elizabeth Snell

Healthcare data breaches can be devastating for any covered entity, but the subsequent recovery costs are often quite expensive. Implementing technological tools to aid in prevention and detection measures are not cheap, but not taking necessary...

Colorado Data Privacy Law Updated, Includes Medical Information

by Elizabeth Snell

Bipartisan legislation aiming to improve current data privacy laws was recently introduced in Colorado. The bill would require entities implement “reasonable security procedures” to protect consumers’ personal information and...

Why Providers Need a Disaster Recovery Plan for EHR Security

by Elizabeth Snell

Whether healthcare providers are working to prepare for potential natural disasters like hurricanes or manmade cybersecurity issues (i.e., ransomware attacks, insider data breaches) having a disaster recovery plan is essential. Entities of all...

Allscripts Ransomware Attack Impacts Limited Number of Applications

by Elizabeth Snell

UPDATE: An Allscripts spokesperson emailed an additional update to HealthITSecurity.com on January 26, 2018 about the ransomware attack.  An Allscripts ransomware attack was reported on January 18, 2018, with certain applications made inaccessible....

NC Data Breach Legislation Accounts for Ransomware Attacks

by Elizabeth Snell

Following an increase in reported state data breaches in 2017, North Carolina’s attorney general and a state representative introduced data breach legislation to better protect individuals. The updated Act to Strengthen Identity Theft Protections...

Are Orgs Filling Necessary Healthcare Cybersecurity Roles?

by Elizabeth Snell

Without the right healthcare cybersecurity roles being filled at covered entities, it can be more difficult for organizations to ensure that sensitive data remains secure. Along with CISOs, privacy officers, and compliance officers, entities...

5 Tips for a Strong Healthcare Data Breach Response

by Bill Kleyman

No one wants to experience an active security situation. A data breach will result in numerous sleepless nights, big expenses, and lots of lost confidence. The challenge, however, is that healthcare data is just so valuable. In the 2017 Ponemon...

Senator Urges Prompt Data Breach Disclosure in Recent Bill

by Elizabeth Snell

Florida Senator Bill Nelson introduced legislation toward the end of November 2017 that would require organizations to adhere to a more prompt data breach disclosure process. Companies that do not follow the requirements and attempt to deliberately...

Survey Shows US Cybersecurity Attacks Costing Orgs More Money

by Elizabeth Snell

More US-based organizations are investing in their IT security and physical security measures, but the costs of cybersecurity attacks are still on the rise, according to recent research. CSO, the CERT Division of the Software Engineering...

HIPAA Info Included in Updated MD Data Breach Notification Law

by Elizabeth Snell

Maryland has updated its data breach notification law, with information protected under HIPAA to be included under the definition of personal information. Should that data be compromised in a data breach, state organizations will need to notify...

Single National Data Breach Notification Standard Proposed

by Elizabeth Snell

A recently proposed bill calls for a single national data breach notification standard, which would replace the existing state notification laws and “clarify and strengthen” organizations’ reporting obligations. Rhode Island...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks