Healthcare Information Security

Risk Assessment

Helping Struggling Hospitals Recover from Ransomware Attacks

May 2, 2018 - The biggest cybersecurity issue for hospitals is response and recovery from ransomware attacks, observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association and president/CEO of Texas Hospital Association Foundation. Organizations are struggling with such problems as where to get Bitcoin to pay the ransom, how to get decryption keys, and...


More Articles

Gap Analysis Not Enough for HIPAA Security Rule, Says OCR

by Fred Donovan

A gap analysis can be used to discover where problems exist in securing electronic protected health information (ePHI), but it is not a substitute for a comprehensive risk analysis required by the HIPAA Security Rule, the Office for Civil...

FTC ‘Misconduct’ Charges Loom as Uber Health Service Launches

by Fred Donovan

Uber is being hit with additional federal penalties for “misconduct” in not reporting a major 2016 data breach at a time when it is launching its Uber Health service, which the ride-sharing company pledges will be HIPAA...

Alabama Data Breach Notification Act Accounts for Medical Data

by Elizabeth Snell

Alabama may soon join 48 other states in having its own state data breach notification legislation, as the Alabama Senate passed a bill earlier this month that would require companies to provide notice should they experience a breach. The...

Healthcare Risk Assessments Key Driver for Security Investments

by Elizabeth Snell

More providers are adopting cybersecurity frameworks and prioritizing risk assessment, according to the third annual Symantec and HIMSS Analytics HIT Security and Risk Management Study. However, organizations are still underinvesting in...

VA Facility Lacking Security Risk Assessment, Security Controls

by Elizabeth Snell

The Veterans Services Adaptable Network (VSAN) at the Orlando Veterans Affairs Medical Center (VAMC) was not fully coordinated with the Office of Information and Technology (OI&T), which included not having a security risk assessment,...

OIG: Security Risk Assessments, Disaster Recovery Needed at Hospitals

by Elizabeth Snell

While two Indian Health Service (IHS) hospitals had increased system security and physical controls surrounding prescription drug and opioid disbursements, the Office of Inspector General (OIG) still determined that more improvements...

How to Prevent a Healthcare Data Breach in 2018

by Bill Kleyman

One word can describe the current security landscape: chaos. We’re way beyond the days of traditional firewall and network security solutions. Today, healthcare organizations have to worry about security when it comes to cloud, data,...

Revised NIST Infrastructure Cybersecurity Framework Released

by Elizabeth Snell

In an effort to help organizations continue to improve their cybersecurity risk management in critical infrastructure, NIST released a revised draft of its Cybersecurity Framework last week. The second draft of the Framework...

$2M Settlement Reached in Cottage Health Data Breach Case

by Elizabeth Snell

Cottage Health System recently reached a $2 million settlement with the California Attorney General’s office after two separate health data breach incidents that took place in 2013 and 2015. In total, more than 50,000 patients had...

EHNAC: Risk Assessments, IoT Security Crucial in Attack Mitigation

by Elizabeth Snell

Hospitals and healthcare organizations need to keep a strong focus on their risk management and risk assessment process and ensure that any third parties or business associates also have proper security and IT risk management...

How Vendors, Providers Can Create Strong Health Data Security

by Elizabeth Snell

When it comes to maintaining HIPAA compliance, both healthcare providers and their chosen third-party vendors – or business associates – need to work together for comprehensive and current health data security. Compliance can...

3 Tips to Ensure Healthcare Data Security in Evolving Environment

by Bill Kleyman

There’s so much happening with new types of advanced security technologies. Healthcare data security teams must analyze solutions around on premise as well as cloud options. Furthermore, the granularity of security makes it a...

What Are Critical Considerations in Risk Management?

by Elizabeth Snell

Healthcare risk management is an increasingly critical area as cybersecurity threats continue to evolve. Regardless of an organization’s size, it needs to ensure that the right policies, procedures, and tools are in place so staff...

Using NIST Guidance for Better Risk Assessment, Data Security

by Elizabeth Snell

A structured method of prioritizing programs, systems, and components based on their importance is a critical part of an organization’s risk assessment process and approach to data security, according to a recent NIST special...

OIG Notes Va. Medicaid Information Security Vulnerabilities

by Elizabeth Snell

An Office of Inspector General (OIG) audit found the Virginia Medicaid Management Information System (MMIS) to have information security vulnerabilities. “Virginia did not adequately secure its Medicaid data and information systems,...

Preparing for an OCR HIPAA Risk Assessment Audit

by Elizabeth Snell

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data,...

ONC, OCR Revise HIPAA Security Risk Assessment Tool

by Elizabeth Snell

In an effort to ensure that healthcare organizations of all sizes can prepare for potential cybersecurity issues, the Office of the National Coordinator (ONC) and the Office for Civil Rights (OCR) recently updated the HIPAA Security Risk...

FDA Information Security Weaknesses Create Health Data Risk

by Elizabeth Snell

The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy


no, thanks

Continue to site...