Rudy Giuliani, the former New York mayor who's been tapped by U.S. president-elect Donald Trump to lead a cybersecurity corporate outreach program, runs a security consulting firm with a website that's been given a failing grade for its security.
In a reminder of HIPAA's tough requirements for breach notification, federal regulators have issued a $475,000 financial settlement and corrective action plan for Chicago-based Presence Health tied to its tardy notification for a 2013 paper records breach affecting only about 800 individuals.
Hackers have apparently hijacked potentially thousands of vulnerable MongoDB databases and demanded ransoms for the return of critical data, with some victims paying up, according to security researchers.
The lack of a smoking gun - absolute certainty - has some security experts not entirely convinced that the Russians or their backers hacked Democratic Party computers in an attempt to sway the U.S. presidential election.
The transition to a new presidential administration makes forecasting for HIPAA enforcement activity in 2017 difficult, says privacy attorney David Holtzman of the consultancy Cynergistek, who sizes up what the HHS Office for Civil Rights might do this year.
The National Governors Association, in a new road map for improving nationwide secure health data exchange, proposes that states attempt to better align their privacy laws to the federal HIPAA Privacy Rule to help remove legal barriers.
The impact of the patient data privacy and security provisions of the 21st Century Cures Act, signed into law Dec. 13, will depend, in part, on who is chosen to study key issues and come up with recommendations, says attorney Steven Teppler.
President Obama is expected on Dec. 13 to sign the 21st Century Cures Act, which the Senate passed on Dec. 7. Among its long list of provisions, the bill lays out a number of privacy and security-related projects for HHS, including imposing fines on those that intentionally block health data information sharing.
Federal regulators have issued a warning to healthcare sector organizations about a phishing email campaign that pretends to be compliance audit communications from the nation's top HIPAA enforcer. But who's really sending out these emails?
Healthcare entities must perform security due diligence when they consider introducing emerging technologies - including "internet of things" devices - into their environments, says attorney Stephen Wu, author of a new book on HIPAA compliance.
In the 13th HIPAA enforcement action this year, federal regulators have slapped the University of Massachusetts Amherst with a $650,000 financial settlement and corrective action plan after investigating a relatively small 2013 breach involving a malware infection at a campus speech and language center.
Vulnerable firmware has been highlighted again in a range of low-cost Android phones, raising concerns over their security. This latest incident comes 11 months after security analysts first raised flags.
If President-elect Donald Trump fulfills a campaign promise to repeal Obamacare - which could result in the dismantling of HealthCare.gov and state health insurance exchanges - great caution will be needed to protect the data of millions of consumers contained in those systems.
Last month, the FFIEC issued an FAQ about its Cybersecurity Assessment Tool, reiterating that use of the tool is voluntary. But some critics say regulators are still questioning institutions about their use of the tool during IT examinations, meaning its use is not truly voluntary.