Healthcare Information Security

HIPAA Administrative Safeguards

Arizona MCOs Fail OIG Security Audit, Putting Medicaid Data at Risk

November 28, 2018 - A Department of Health and Human Service Office of Inspector General audit of two Arizona Managed Care Organizations found significant, security vulnerabilities in its information systems, which call into question the integrity of the systems used to process Medicaid managed care claims and may be putting patient data at risk. What’s worse: The flaws found suggest that other...


More Articles

HIPAA Security Rule Risk Analysis Remains Source of Confusion

by Fred Donovan

Widespread confusion in the healthcare industry continues to persist about OCR risk analysis requirements under the HIPAA Security Rule, according to legal experts David Gacioch and Edward Zacharias of McDermott Will & Emery. Failure...

SAMBA Mailing Error Creates Data Security Concern for 13.9K

by Elizabeth Snell

A programming error that occurred during the preparation process for mailing out certain IRS tax forms may have led to documents being sent to the wrong recipients, creating a data security concern for some individuals, according to SAMBA...

Top Reminders for Implementing a HIPAA Contingency Plan

by Elizabeth Snell

Healthcare organizations must ensure they have a current HIPAA contingency plan in place to prepare for all types of adverse events, including natural disasters and cybersecurity attacks, according to the latest OCR Cybersecurity...

Potential PHI Exposure at BJC HealthCare Impacts 33K

by Elizabeth Snell

An internal security scan revealed that there was a data server configuration error, allowing potential PHI exposure at BJC HealthCare. The Missouri-based organization revealed in an online statement that 33,420 patients may have had...

Weak Healthcare Cybersecurity Employee Training Affects IT Security

by Elizabeth Snell

Covered entities must ensure that staff members at all levels receive regular and comprehensive healthcare cybersecurity employee training. This is a HIPAA requirement but is also critical to keeping the workforce up to date on evolving IT...

Healthcare Ransomware Attack Affects 6.5K at AL Practice

by Elizabeth Snell

A healthcare ransomware attack allowed an unknown hacker to gain access to EMR software containing patient medical records, Jemison Internal Medicine, PC (JIM) announced on its website. The Alabama-based practice said the virus encrypted...

Hospital Data Breaches Most Common, Affect the Most Patients

by Elizabeth Snell

Hospital data breaches accounted for approximately 30 percent of large data security incidents reported to OCR from 2009 to 2016, according to a study published in the American Journal of Managed Care (AJMC). The largest number of...

KS Healthcare Organization Fined over Unsecured Patient Data

by Elizabeth Snell

Topeka, Kansas-based Pearlie Mae’s Compassion and Care LLC recently agreed to pay an $8,750 civil penalty after allegations that it had unsecured patient data in one of its office locations. Defendants Ann Marie Kaiser and Jenell...

Onco360 Email Data Security Incident Impacts 53K Patients

by Elizabeth Snell

Onco360 and CareMed Specialty Pharmacy are notifying patients that a data security incident stemming from unauthorized access to employee email accounts may have involved their health information. Suspicious activity on an...

PA Security Breach from Missing External Hard Drive Affects 4.1K

by Elizabeth Snell

Pennsylvania-based Washington Health System (WHS) Greene recently announced that a missing external hard drive has created security breach concerns at the organization. The device was for the Bone Densitometry machine and contained...

Unauthorized Server Access Creates Data Security Concern for 47K

by Elizabeth Snell

Carl Albert State College (CASC) is re-notifying certain individuals of unauthorized server access from 2016 that may create data security concerns. CASC explained in an online statement that the server was accessed on April 7, 2016....

Reducing Insider Data Breach Risk with Strong IAM Policies

by Elizabeth Snell

Implementing effective identity and access management (IAM) policies and controls is essential for healthcare organizations that are looking to reduce the potential of insider data breach risk, according to the OCR November 2017...

Applying US-CERT IoT Security Best Practices to Healthcare

by Elizabeth Snell

The Internet of Things (IoT) is quickly becoming integrated into the daily operations of numerous organizations, which means that entities need to keep IoT security a top priority, according to the US Computer Emergency Readiness Team...

PHI of 9.5K Possibly Compromised in WI Healthcare Phishing Attack

by Elizabeth Snell

The Medical College of Wisconsin (MCW) announced that it suffered a healthcare phishing attack and that certain PHI may have been affected as it was in the accessed employee email accounts. An investigation and manual document review...

Data Backups Aid in Ransomware Attack Recovery for KS Agency

by Elizabeth Snell

East Central Kansas Area Agency on Aging (ECKAAA) said in an online statement that it was the victim of a ransomware attack on September 5, 2017, leaving files encrypted and inaccessible. ECKAAA said it immediately hired a cybersecurity...

Healthcare Identity, Access Management Center of Imprivata Deal

by Elizabeth Snell

Imprivata recently acquired the Identity and Access Management Business of Caradigm, according to a press release. The move should help healthcare identity and access management specifically, with a focus on reducing security risks and...

Kromtech Security Discovers Health Data Breach of 150K Patients

by Elizabeth Snell

Kromtech Security researchers found a potential publicly accessible Amazon S3 repository that may have led to a health data breach impacting over 150,000 individuals, according to a company report. “Patient Home...

Cases Underline Audit Controls, Minimum Necessary Standard

by Elizabeth Snell

Healthcare organizations of all sizes need to utilize proper audit controls to ensure that employees are remaining compliant and following proper procedure. Lacking administrative safeguards could lead to numerous types of malicious...

Potential Ransomware Attack Encrypts Patient Data in KY

by Elizabeth Snell

Kentucky-based Estill County Chiropractic (ECC) recently announced on its website that it had experienced a potential ransomware attack, where an unauthorized user installed malicious software that encrypted patient files. ECC said that...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...