Healthcare Information Security

HHS

HHS Still Leads in DMARC Implementation To Stop Phishing Attacks

September 21, 2018 - With the Oct. 16 deadline looming, HHS continues to lead in securing the most domains of any federal agency as part of the DMARC protocol implementation, which is designed to prevent phishing attacks from succeeding. As of Sept. 14, HHS has fully implemented the DMARC, or Domain-based Message Authentication, Reporting, and Conformance, protocol for 105 out of 118 domains, or an 88...


More Articles

Azar Waives HIPAA Privacy Rule Sanctions for Hurricane Response

by Fred Donovan

HHS Secretary Alex Azar has waived sanctions and penalties under certain HIPAA Privacy Rule provisions that apply to hospitals to enable greater sharing of information in response to Hurricane Florence making landfall on the East...

OIG Faults Maryland for Inadequate Medicaid Data Security

by Fred Donovan

The HHS Office of Inspector General (OIG) has found that Maryland’s Medicaid data security program has failed to secure sensitive data and information systems. An OIG audit released August 14 concluded that numerous, significant...

OCR Levies Close to $80M in HIPAA Privacy Rule Fines

by Fred Donovan

OCR has assessed close to $80 million in fines in 55 cases of HIPAA Privacy Rule violations since the rule took effect in April 2003, according to data on the HHS website. OCR has received 184,614 HIPAA complaints and has initiated 902...

HHS Leads Federal Agencies in Email Security Implementation

by Fred Donovan

HHS has secured the most domains of any federal agency as part of the DMARC email security protocol implementation mandated by the Department of Homeland Security (DHS), according to a study by email security firm Agari. The Domain-based...

HHS Pushes for Changes to HIPAA Privacy Rule, 42 CFR Part 2

by Fred Donovan

In the next few months, HHS plans to issue requests for information (RFIs) about changing the HIPAA Privacy Rule and 42 CFR Part 2 to make it easier for doctors, hospitals, and payers to coordinate in delivering value-based care and...

Response to Spectre, Meltdown Cybersecurity Vulnerabilities Queried

by Fred Donovan

US lawmakers want answers from the Software Engineering Institute’s (SEI) CERT Coordination Center (CERT-CC) to questions about the industry's response to the Spectre and Meltdown cybersecurity vulnerabilities disclosed in...

CHIME Says Healthcare Cybersecurity Should Be Innovation Focus

by Fred Donovan

Healthcare cybersecurity should be one focus area of a public-private workgroup that HHS is suggesting to examine healthcare innovation and investment, argued the College of Healthcare Information Management Executives (CHIME) in its...

Michigan Medicine Admits to Healthcare Data Breach in Laptop Theft

by Fred Donovan

University of Michigan’s Michigan Medicine announced June 25 that around 870 patients were affected by a healthcare data breach that involved the theft of an unencrypted laptop with PHI from an employee’s car. The theft...

Recent WannaCrypt Ransomware Attack Not Really Ransomware

by Fred Donovan

When you mention the word WannaCry, health IT security folks break into a cold sweat. They remember the havoc that the WannaCry ransomware attack wreaked on the healthcare industry last year. Cybercriminals claiming to be from the...

Congress Turns Up Heat on HHS About Cybersecurity Threat Report

by Fred Donovan

Congress is taking HHS to task about problems with the department’s cybersecurity threat report required by the Cybersecurity Information Sharing Act of 2015. The HHS Cyber Threat Preparedness Report (CTPR) “omitted or lacked...

Feds Need to Do Better Job With EHR Data Security, Privacy

by Fred Donovan

The US federal government needs to do a better job at EHR data security and privacy, concluded a federal IT systems audit by the Government Accountability Office (GAO) released May 23. The federal government also must ensure privacy is...

Judge Upholds Doc’s Conviction for Criminal HIPAA Violation

by Fred Donovan

US District Judge Mark G. Mastroianni upheld May 16 a federal jury’s earlier conviction of Rita Luthra, a Springfield, Massachusetts-based gynecologist, for a criminal HIPAA violation and obstructing a criminal healthcare...

Massachusetts Physician Convicted of Criminal HIPAA Violation

by Fred Donovan

A federal jury has convicted Rita Luthra, a Springfield, Massachusetts-based gynecologist, of a criminal HIPAA violation and obstructing a criminal healthcare investigation, US Department of Justice (DoJ) announced April 30. DoJ alleged...

SamSam Ransomware Attackers Target Healthcare Providers

by Fred Donovan

So far this year, there have been at least eight cyberattacks on healthcare and government organizations employing the SamSam ransomware, the Department of Health and Human Services (HHS) said in a report released March 30. SamSam...

HCCIC Releases Update on Spectre, Meltdown Cybersecurity Threats

by Elizabeth Snell

The Healthcare Cybersecurity and Communications Integration Center (HCCIC) released an update on previously discovered Spectre and Meltdown vulnerabilities that could create healthcare cybersecurity threats for organizations. The National...

Information Technology, Cybersecurity Issues Common in OIG Areas

by Elizabeth Snell

Cybersecurity issues and information technology issues are both common in numerous areas that the Office of Inspector General (OIG) plans to focus on, according to the latest OIG semiannual report to Congress. OIG wants to keep working on...

HHS Pressed on Healthcare Cybersecurity Leadership Changes

by Elizabeth Snell

Recent healthcare cybersecurity leadership changes within HHS have pushed lawmakers to question the agency why those changes took place. Both Margaret Amato and Leo Scanlon emailed bipartisan staff on the House Committee on Energy and...

Healthcare Cybersecurity Threats Require HHS Bill of Materials

by Elizabeth Snell

The increasing amount of healthcare cybersecurity threats is pushing organizations to utilize numerous technologies to combat potential dangers. It can often be difficult though to have clear visibility into the hardware or software in...

Evolving Cybersecurity Threats, Protecting Data Top HHS Challenges

by Elizabeth Snell

Adequately addressing the industry’s current cybersecurity threats is a key aspect to one of the major management and performance challenges for HHS, the Office of Inspector General determined in its annual report. OIG’s 2017...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks