Healthcare Information Security

Risk Management

EHNAC: Risk Assessments, IoT Security Crucial in Attack Mitigation

October 31, 2017 - Hospitals and healthcare organizations need to keep a strong focus on their risk management and risk assessment process and ensure that any third parties or business associates also have proper security and IT risk management protocols in place, according to Electronic Healthcare Network Accreditation Commission (EHNAC) Executive Director Lee Barrett. Also a member of the HHS Cybersecurity...


More Articles

NIST CSF, Risk Management Key for Cybersecurity Improvements

by Elizabeth Snell

The NIST Cyberscurity Framework (CSF) can be implemented using the established NIST risk management process, which will help organizations across industries develop a more effective, efficient, and cost-effective risk management processes, according...

How Vendors, Providers Can Create Strong Health Data Security

by Elizabeth Snell

When it comes to maintaining HIPAA compliance, both healthcare providers and their chosen third-party vendors – or business associates – need to work together for comprehensive and current health data security. Compliance can get...

HITRUST Urges Collaboration for Improved Healthcare Cybersecurity

by Elizabeth Snell

HITRUST held its first Community Extension Program meeting last week at Tufts Medical Center in downtown Boston, talking challenges, best practices, and lessons learned in healthcare risk management programs. One of the overarching goals of the...

What Are Critical Considerations in Risk Management?

by Elizabeth Snell

Healthcare risk management is an increasingly critical area as cybersecurity threats continue to evolve. Regardless of an organization’s size, it needs to ensure that the right policies, procedures, and tools are in place so staff members...

HITRUST, Trend Micro Set to Improve Cyber Threat Management

by Elizabeth Snell

HITRUST and Trend Micro have partnered together in an effort to further advance cyber threat information sharing and the cyber threat management process, according to a HITRUST release. The HITRUST Cyber Threat Management and Response Center...

Healthcare Risk Management Key Area in New HITRUST Program

by Elizabeth Snell

A Community Extension Program designed to aid healthcare organizations discuss challenges, best practices, and lessons learned in healthcare risk management programs will soon be launched nationwide, according to HITRUST. The program will also...

95% of Healthcare Orgs Not Utilizing Risk Management Software

by Elizabeth Snell

Healthcare organizations continue to prioritize PHI security, but often have limited resources – such as access to risk management software – according to a recent Netwrix survey. Nearly all surveyed entities – 95 percent –...

Vendor Risk Management Key Focus in Recent HITRUST Program

by Elizabeth Snell

A new HITRUST exchange aims to help entities as they request and receive third-party security and privacy risk assessment information, streamlining the vendor risk management process. The HITRUST Assessment Exchange will utilize the HITRUST CSF...

2017 OCR HIPAA Settlements Focus on Risk Analyses, Safeguards

by Elizabeth Snell

Maintaining PHI security must remain a top priority for covered entities and business associates year-round. Lackluster safeguards and irregular risk analyses can lead to potential data security issues, and even an OCR HIPAA settlement. With...

DHS Must Sustain Stronger Federal Cybersecurity Measures Push

by Elizabeth Snell

The Department of Homeland Security (DHS) must continue to foster initiatives to improve federal cybersecurity measures, such as utilizing the National Cybersecurity Protection System (NCPS), according to the Government Accountability Office...

Preparing for an OCR HIPAA Risk Assessment Audit

by Elizabeth Snell

While healthcare organizations should not panic over the idea of a potential HIPAA audit or risk assessment, they should ensure that their privacy and security measures are comprehensive and current. This will not only keep sensitive data, such...

Why Healthcare Cybersecurity is a Risk Management Issue

by Elizabeth Snell

Healthcare organizations are slowly working to increase their healthcare cybersecurity governance, staffing, and budgetary resources, but there is still room for improvement, according to a recent study. The second annual HIMSS Analytics HIT...

GAO Finds DHS Cybersecurity Measures Have Room for Improvement

by Elizabeth Snell

While the Department of Homeland Security (DHS) has worked toward implementing necessary cybersecurity measures in its National Cybersecurity and Communications Integration Center (NCCIC), there are still factors impeding its efficiency and effectiveness,...

Cybersecurity Risk Management Focus in HITRUST Catalogue

by Elizabeth Snell

Having a stronger understanding of cybersecurity risk management is a key way for healthcare organizations to view potential risk areas and keep data secure, according to the Health Information Trust Alliance (HITRUST). That was a driving factor...

Security Operations Centers Falling Below Optimal Levels

by Elizabeth Snell

The majority of security operations centers (SOCs), which assist organizations in mitigating potential cybersecurity risks, are falling below the optimal maturity level, according to research from Hewlett Packard Enterprise (HPE). The HPE State...

OIG Finds Slight Increase in Medicare Information Security Gaps

by Elizabeth Snell

Evaluations of the Medicare administrative contractor (MAC) information security program found that the programs were adequate in scope sufficiency but still had an increase in security gaps from the previous year. The Office of Inspector General...

Utilizing Risk Analyses for Comprehensive HIPAA Compliance

by Elizabeth Snell

As technology continues to evolve and become more intricate, covered entities and their business associates have to ensure they account for potential risk in all aspects of their organization. A key part to complete HIPAA compliance is an updated...

FDA Information Security Weaknesses Create Health Data Risk

by Elizabeth Snell

The Food and Drug Administration (FDA) must still improve in its efforts to fix information security weaknesses found by the US Government Accountability Office (GAO), especially as the FDA receives, processes, and maintains sensitive industry...

Why Lacking Risk Assessments May Lead to OCR HIPAA Settlements

by Elizabeth Snell

Healthcare organizations cannot afford to skip out on conducting regular risk assessments, according to several recent OCR HIPAA settlements. Failing to identify potential risks and vulnerabilities in ePHI security could lead to healthcare data...

X

SIGN UP and gain free access to articles, white papers, webcasts and exclusive interviews on

HIPAA Compliance
BYOD
Cybersecurity
Data Breaches
Ransomware

Our privacy policy

no, thanks