Healthcare Information Security

Data Security

Congress Unveils Bipartisan Bill for IoT Cybersecurity Standards

March 14, 2019 - A group of bipartisan Senators and House members recently introduced legislation that would establish security requirements around IoT devices purchased by government agencies, such as the Department of Health and Human Services. Introduced by Sens. Mark Warner (D-VA), Cory Gardner (R-CO), Maggie Hassan (D-NH), and Steve Daines (R-MT), alongside Reps. Robin Kelly (D-IL) and Will Hurd...


More Articles

Ohio Enacts Law with Cybersecurity Requirements for Health Insurers

by Jessica Davis

A new Ohio Senate Bill will go into effect on March 20, which will create new cybersecurity requirements for insurance companies, including health plans. The bill is based on the National Association of Insurance Commissioners’...

California Moves to Close Gaps in Data Breach Notification Law

by Jessica Davis

California Attorney General Xavier Becerra and Assembleymember Marc Levine are seeking to strengthen the state’s data breach notification law, which aims to close a loophole and expand requirements to include compromised biometrics...

15 Million Patient Records Breached in 2018; Hacking, Phishing Surges

by Jessica Davis

Fifteen million patient records were breached during 503 healthcare data breaches in 2018, nearly triple the amount of reported incidents from the previous year, according to the Protenus 2019 Breach Barometer. Protenus analyzed the...

How Multi-Factor Authentication Can Combat Phishing, Cyberattacks

by Jessica Davis

Healthcare has been steadily moving into consumerization, as the industry shifts into value-based care and patients demand easier access to their data. At the same time, cyber threats and hackers have increased in sophistication,...

Credential Compromise Top Goal of Phishing Attacks in 2018

by Jessica Davis

Phishing attacks exploded in 2018, with hackers leveraging the attacks in hopes to score the credentials from their victims, according to a new report from Proofpoint researchers. Compromising credentials as the goal of phishing attacks...

San Diego School District Phishing Hack Includes Health Data

by Jessica Davis

San Diego Unified School District fell victim to a phishing attack, which breached the personal data, including health information, of more than 500,000 students and staff. The hacker gained access to staff credentials using a targeted...

Medtronic Ventilator Recalled by FDA for Software Update

by Jessica Davis

The Food and Drug Administration released an alert about a global voluntary corrective field action on Medtronic’s Puritan Bennett 980 ventilators. The action was announced this week and began on September 19. The FDA classified the...

McLean Hospital Pays Massachusetts $75,000 for 2015 Breach

by Jessica Davis

Belmont, Massachusetts-based McLean Hospital settled with the state over its 2015 data breach, agreeing to implement new security and training and pay $75,000. The settlement will resolve claims the psychiatric hospital exposed the data...

Social Media Needs Transparent Privacy Policies for Healthcare Data

by Jessica Davis

Two healthcare leaders are calling for greater transparency and stronger laws that outline the data collection practices of social media platforms. In Applied Clinical Informatics, Carolyn Petersen, Mayo Clinic Global Business Solutions...

Third-Party Vendor Hack Breaches 48,000 Baylor Frisco Patients

by Jessica Davis

Texas-based Baylor Scott and White Medical Center-Frisco is notifying about 47,948 patients or guarantors that their payment information was exposed for a week, after a hack on its third-party vendor’s credit card processing...

Pennsylvania Judge Rules UPMC Must Protect Employee Data

by Jessica Davis

The Pennsylvania Supreme Court ruled last week that the University of Pittsburgh Medical Center is responsible for protecting personal employee data from hackers: The latest in a lengthy class-action lawsuit filed by UPMC employees against...

176.3 Patient Records Taken in Reported Breaches Since 2009

by Jessica Davis

Hacking is less common in the healthcare sector than theft and unauthorized disclosure, but those cybercriminals stole more than half of the breached patient records from 2009 to 2017, according to a new JAMA Internal Medicine report. The...

‘Payment Notification’ Is Top Healthcare Phishing Attack Subject

by Fred Donovan

The term “Payment Notification” is the top healthcare phishing attack subject, appearing in 58 percent of healthcare phishing attack campaigns in 2018, according to the latest data from Cofense. Other popular subjects in...

NTIA Privacy Principles Plan Parallels NIST Privacy Framework Bid

by Fred Donovan

In parallel with the NIST Privacy Framework effort, the Commerce Department’s NTIA is working on a set of consumer data privacy principles. On Tuesday, it published a request for comment to get consumer and industry feedback on the...

Consumers Have Most Confidence In Physician’s Health Data Security

by Fred Donovan

A full 87 percent of consumers surveyed by Rock Health said that they had confidence in the health data security of their physician, but that number dropped to 68 percent for pharmacies and 60 percent for health insurance...

Dermatology Clinics See Rash of Healthcare Data Breaches

by Fred Donovan

A pair of dermatology clinics reported to OCR this month healthcare data breaches that exposed PHI on a total of 5,375 patients. Maryland-based Anne Arundel Dermatology told OCR on August 9 that 1,310 individuals were affected by the...

OIG Faults Maryland for Inadequate Medicaid Data Security

by Fred Donovan

The HHS Office of Inspector General (OIG) has found that Maryland’s Medicaid data security program has failed to secure sensitive data and information systems. An OIG audit released August 14 concluded that numerous, significant...

ICS-CERT Flags Medtronic Devices for Cybersecurity Vulnerabilities

by Fred Donovan

A Medtronic patient monitor and an insulin pump were flagged this week by ICS-CERT for cybersecurity vulnerabilities that could expose sensitive data to attackers. The Medtronic MyCareLink patient monitor suffers from insufficient...

Court Rejects Review of FTC Actions in LabMD Data Security Case

by Fred Donovan

A federal appeals court rejected a request by LabMD founder Michael Daugherty for a review of a previous decision that shielded FTC lawyers from allegations that they engaged in unfair enforcement action regarding the now-defunct medical...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...