North Korean state-sponsored cyber threat actors have been targeting the healthcare sector with ransomware, the National Security Agency (NSA), HHS, the Federal Bureau of Investigation (FBI), the U.S....
The HHS Office for Civil Rights (OCR) reached a HIPAA right of access settlement with Health Specialists of Central Florida. The primary care practice paid OCR $20,000 to resolve the potential HIPAA...
In a new Notice of Proposed Rulemaking (NPRM), the HHS Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) proposed updates to the Confidentiality...
In the 2022 edition of its annual report on HHS’s top management and performance challenges, the Office of Inspector General (OIG) called on HHS to improve data governance, secure HHS systems,...
HHS, the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory about Hive ransomware actors. The ransomware actors...
The American Hospital Association (AHA) expressed its support for the Healthcare Cybersecurity Act (S.3904/H.R.8806) in a letter by AHA Executive Vice President Stacey Hughes to US Representatives...
Department of Health and Human Services (HHS) Secretary Xavier Becerra has officially sworn in Melanie Fontes Rainer as director of the Office for Civil Rights (OCR).
Since assuming the role...
Spearheaded by US Senator Patty Murray (D-WA), a group of 30 Senators urged HHS and the Biden Administration to strengthen HIPAA protections in order to further safeguard patient privacy in the wake of...
US Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), both co-chairs of the Cyberspace Solarium Commission (CSC), wrote a letter to HHS Secretary Xavier Becerra asking about the...
The HHS Office for Civil Rights (OCR) issued guidance on patient privacy and rights under the HIPAA Privacy Rule that can help patients maintain security and privacy in light of the recent Roe v. Wade...
In its latest report, the US Government Accountability Office (GAO) called on HHS to improve the healthcare data breach reporting process. Specifically, GAO urged HHS to create a mechanism for entities...
The HHS Health Sector Cybersecurity Coordination Center (HC3) issued a brief with tips for strengthening cyber posture in healthcare.
HC3 defined cyber posture as “the overall strength of an...
The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) released version 3.3 of the HHS Security Risk Assessment (SRA) Tool.
ONC and OCR...
The HHS Office for Civil Rights (OCR) announced plans to produce a pre-recorded video presentation on the Health Information Technology for Economic and Clinical Health Act (HITECH) recognized security...
Emotet continues to be a prominent cyber threat to healthcare in 2022, HHS’ Health Sector Cybersecurity Coordination Council (HC3) explained in its most recent brief. Emotet is an advanced...
The Health Sector Cybersecurity Coordination Center (HC3) observed ransomware groups increasingly turning to legitimate tools such as Cobalt Strike and Mimikatz during ransomware intrusions in the...
The Office of Inspector General (OIG) called HHS’ security program “not effective” in an audit of Federal Information Security Modernization Act (FISMA) requirements for fiscal year...
The Federal Bureau of Investigation (FBI) warned organizations of BlackCat/ALPHV ransomware-as-a-service (RaaS) in its latest flash alert. The RaaS group has compromised at least 60 organizations...
The Health Sector Cybersecurity Coordination Center (HC3) issued a threat brief outlining the tactics and targets of Lapsus$, the cyber threat group responsible for a cyberattack against identity...
HHS’ Office for Civil Rights (OCR) issued a request for information (RFI) seeking feedback on two requirements under the Health Information Technology for Economic and Clinical Health Act...