Auditors have once again rated the Department of Health and Human Services' information security program as "not effective," citing several areas of weaknesses, including issues related to risk management, information security continuous monitoring and contingency planning.
Recent incidents affecting the sensitive information of tens of thousands of individuals underscore the ongoing threats and risks facing organizations that handle health and other delicate personal information, including a community health center and a social services agency.
In late 2021, the Federal Trade Commission (“FTC”) issued guidance clarifying protections applicable to consumers’ sensitive personal data increasingly collected by digital health applications. Per the FTC statement, organizations using “health applications and connected devices” to “collect or use”...
Solara Medical Supplies has agreed to pay $5 million and implement a host of security improvements under a proposed settlement of a consolidated class action lawsuit involving a 2019 phishing incident that affected sensitive information of more than 114,000 individuals.
More than 670,000 individuals have been affected by two 2021 hacking incidents that were only recently reported to federal regulators. The breaches involve healthcare software and billing services firm Adaptive Health Integrations and urgent care provider Urgent Team Holdings.
A breach involving the compromise of a single user's email account at an Illinois-based multispecialty clinic has affected nearly 503,000 individuals - one of the largest breaches reported so far this year to federal regulator. How can other entities avoid similar email security incidents?
Five recently reported data breaches involving cyberattacks on a variety of different types of healthcare sector entities have affected a total of more than 1.2 million individuals. Experts say the incidents highlight the intensifying threat landscape in the sector.
Federal regulators are seeking public input about how they should consider the "recognized" security practices of organizations when taking potential HIPAA enforcement actions - and how to distribute a percentage of HIPAA fines to individuals harmed by violations.
Recent breach reports filed by a law enforcement benefits health plan, a healthcare staffing firm and a rural medical center are the latest examples of the diverse range of healthcare sector entities being targeted by cyberattackers. What do experts recommend?
An apparent ransomware attack and alleged data theft by the Hive cybercriminal group has left Partnership HealthPlan of California struggling to recover its IT services for more than a week. The nonprofit says it is unable to receive or process treatment authorization requests.
The White House is seeking fiscal 2023 budget increases for the Department of Health and Human Services, including a boost in funding for cybersecurity initiatives including medical device security and regulatory and enforcement efforts related to secure health data exchange.
Regulators have slapped four small covered entities with HIPAA enforcement actions, including three settlements and one civil monetary penalty. The most egregious case involves an Alabama dentist who disclosed patient information for use in his unsuccessful campaign for state Senate.
The number of major health data breaches posted to the federal tally so far in 2022 - and the total number of individuals affected by those breaches - has surged in recent weeks as reports of large hacking incidents continue to flow in to regulators.
A public health department and a medical specialty practice are among the latest entities reporting major hacking incidents affecting tens of thousands of individuals' sensitive health information. Some experts say the breaches follow disturbing, evolving cyber trends.
The Department of Health and Human Services has an ambitious regulatory agenda in the months ahead and plans for strong enforcement of HIPAA violations, says Lisa Pino, director of the HHS Office for Civil Rights, in an exclusive interview. She also discusses evolving breach trends.