A HIPAA-related enforcement case in Massachusetts involving two insider breaches alleges a trail of missteps, including failure to take prompt action after receiving tips about potential misuse of patient information. What can other entities learn from the mistakes?
HIPAA privacy violations can come in many forms. Case in point: Federal regulators have smacked three Boston hospitals with settlements totaling nearly $1 million for allowing crews for the documentary TV show "Save My Life: Boston Trauma" to film on their premises without obtaining authorization from patients.
Is a recent HIPAA settlement issued by the New York state attorney general's office another sign that states might begin to overshadow federal regulators when it comes to enforcement actions involving health data security and privacy?
While healthcare entities and their vendors apparently are improving their encryption practices for computing and storage devices, regulators are also urging organizations to avoid overlooking the importance of physically securing and tracking these devices to help safeguard PHI.
A recent hacker attack targeting a revenue cycle management software and services vendor, which impacted more than 31,000 patients at 11 healthcare organizations, illustrates the potentially broad security risks posed by business associates.
A new council of healthcare CISOs hopes to work together toward improving uniformity and efficiency in the way organizations review the security controls and practices of third-party vendors that handle sensitive patient data.
Leading the latest edition of the ISMG Security Report: An analysis of why it may be too late to secure the 2018 U.S. midterm elections. Also: A close look at the Anthem breach lawsuit settlement and a report on ransomware recovery lessons learned.
With less than three months to go until the U.S. midterm elections, Alex Stamos, until recently Facebook's CSO, says there isn't time to properly safeguard this year's elections. But here's what he says can be done in time for 2020.
U.K. health and beauty retailer Superdrug Stores is warning customers that attackers may have compromised some of their personal information, apparently because they'd reused their credentials on other sites that were hacked. While Superdrug quickly notified victims, it stumbled in three notable ways.
About 30 new health data breaches - including a phishing attack impacting 1.4 million individuals - have been added in recent weeks to the official federal tally, pushing the total victim count for 2018 so far to 6.1 million.
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
Hubris has a new name: Bitfi. The cryptocurrency wallet-building company, backed by technology eccentric John McAfee, earned this year's not-so-coveted Pwnies Award for "Lamest Vendor Response" for how it mishandled security researchers' vulnerability disclosures. Bitfi has promised to do better.
Documents containing information on more than 300,000 patients were recently discovered on the former campus of a Missouri hospital that's being prepared for demolition four years after the hospital moved to new facilities. The incident illustrates the need to track all paper records that contain PHI.