Healthcare Information Security

HIPAA Administrative Safeguards

Onco360 Email Data Security Incident Impacts 53K Patients

January 18, 2018 - Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an employee’s email account was first discovered on November 14, 2017, Onco360 said in an online statement. An investigation determined on November 30 that three employee...


More Articles

PA Security Breach from Missing External Hard Drive Affects 4.1K

by Elizabeth Snell

Pennsylvania-based Washington Health System (WHS) Greene recently announced that a missing external hard drive has created security breach concerns at the organization. The device was for the Bone Densitometry machine and contained certain patient...

Unauthorized Server Access Creates Data Security Concern for 47K

by Elizabeth Snell

Carl Albert State College (CASC) is re-notifying certain individuals of unauthorized server access from 2016 that may create data security concerns. CASC explained in an online statement that the server was accessed on April 7, 2016. It...

Why Privileged Account Management Matters in Health Data Security

by Elizabeth Snell

As healthcare providers continue to work toward creating strong cybersecurity measures, it is important to remember that insider access could also lead to a potential data breach. Failing to secure privileged accounts could lead to unauthorized...

Reducing Insider Data Breach Risk with Strong IAM Policies

by Elizabeth Snell

Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017 Cybersecurity...

Applying US-CERT IoT Security Best Practices to Healthcare

by Elizabeth Snell

The Internet of Things (IoT) is quickly becoming integrated into the daily operations of numerous organizations, which means that entities need to keep IoT security a top priority, according to the US Computer Emergency Readiness Team (US-CERT)....

PHI of 9.5K Possibly Compromised in WI Healthcare Phishing Attack

by Elizabeth Snell

The Medical College of Wisconsin (MCW) announced that it suffered a healthcare phishing attack and that certain PHI may have been affected as it was in the accessed employee email accounts. An investigation and manual document review showed that...

Data Backups Aid in Ransomware Attack Recovery for KS Agency

by Elizabeth Snell

East Central Kansas Area Agency on Aging (ECKAAA) said in an online statement that it was the victim of a ransomware attack on September 5, 2017, leaving files encrypted and inaccessible. ECKAAA said it immediately hired a cybersecurity company...

Healthcare Identity, Access Management Center of Imprivata Deal

by Elizabeth Snell

Imprivata recently acquired the Identity and Access Management Business of Caradigm, according to a press release. The move should help healthcare identity and access management specifically, with a focus on reducing security risks and operational...

Kromtech Security Discovers Health Data Breach of 150K Patients

by Elizabeth Snell

Kromtech Security researchers found a potential publicly accessible Amazon S3 repository that may have led to a health data breach impacting over 150,000 individuals, according to a company report. “Patient Home Monitoring” is...

Cases Underline Audit Controls, Minimum Necessary Standard

by Elizabeth Snell

Healthcare organizations of all sizes need to utilize proper audit controls to ensure that employees are remaining compliant and following proper procedure. Lacking administrative safeguards could lead to numerous types of malicious activity,...

Potential Ransomware Attack Encrypts Patient Data in KY

by Elizabeth Snell

Kentucky-based Estill County Chiropractic (ECC) recently announced on its website that it had experienced a potential ransomware attack, where an unauthorized user installed malicious software that encrypted patient files. ECC said that it immediately...

Administrative Safeguard Need Highlighted in PA Indictment

by Elizabeth Snell

Healthcare organizations must ensure that they have comprehensive and regularly updated administrative safeguards, such as user authentication measures and proper access control. A failure to have these in place, or having outdated ones, could...

Preventing Insider Threats from Affecting Health Data Security

by Elizabeth Snell

There are numerous potential threats to health data security, and the increasingly complex level of technology will only help add to that threat level. Insider threats are one key area of concern, as careless or poorly trained employees could...

$2.2M OCR HIPAA Settlement Highlights ePHI Safeguard Need

by Elizabeth Snell

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently announced a HIPAA settlement stemming from allegations of a lack of ePHI safeguards. MAPFRE Life Insurance Company of Puerto Rico (MAPFRE) agreed to the...

NIST Releases Updated Draft Version of Cybersecurity Framework

by Elizabeth Snell

The National Institute of Standards and Technology (NIST) recently released an updated draft version of its Cybersecurity Framework, with incorporated comments from the December 2015 Request for Information and comments from Cybersecurity Framework...

NIST Cybersecurity Guide Highlights Recovery, Restoration Plan

by Elizabeth Snell

Properly developing and implementing recovery plans, processes, and procedures will help organizations fully restore a system weakened during a cybersecurity event, the National Institute of Standards and Technology (NIST) explained in a recent...

Strong Cybersecurity Measures Need Security in IoT Devices

by Elizabeth Snell

The National Institute of Standards and Technology (NIST) recently published guidelines on how organizations can utilize cybersecurity measures for IoT devices, and underlined the importance of ensuring that security systems are built directly...

NIST Aims to Help Small Business Cybersecurity Measures Improve

by Elizabeth Snell

While some small businesses may assume that they are not primary targets for cyber criminals, the National Institute of Standards and Technology (NIST) wants to ensure that those organizations are able to implement the necessary cybersecurity...

OCR Newsletter Underlines Healthcare Authentication Importance

by Elizabeth Snell

One of the causes of healthcare data breaches over the past few years has been to weakened healthcare authentication measures, according to the Office for Civil Rights (OCR). As healthcare continues to be a top target for cyber attacks, organizations...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks