What should healthcare entities and business associates expect when faced with a data breach investigation or compliance audit by federal regulators? Attorney Marti Arvin discusses the do's and don'ts.
A Texas-based pediatric practice is the latest healthcare entity to report a major data breach following a recent ransomware attack, despite the organization's efforts to mitigate the incident quickly.
More than 60,000 servers running Microsoft's out-of-support IIS 6.0 server software may be vulnerable to a newly revealed zero-day exploit. No patch will be produced, but a workaround can blunt an attack.
What's in store for health data privacy and security initiatives in the Trump administration, now that a new leader for the HHS Office for Civil Rights, which enforces HIPAA, has been selected? Healthcare attorney Kirk Nahra, a regulatory expert, offers an assessment.
Recent settlements between New York State's attorney general office and three mobile app vendors for misleading privacy and marketing practices could have implications for other developers, especially if other states follow suit with their own enforcement actions, some legal experts say.
Following the Westminster attack in London, Britain's home secretary scapegoated social networks and end-to-end encryption communications. Is it possible her government has a messy domestic political issue that it's trying to avoid discussing?
Microsoft's docs.com service has been an open window to viewing people's personal data. The company appears to have taken some steps to contain the exposure, but those watching closely say sensitive data can still be found via search engines.
Like many other inventions now common in modern life, distributed cybercrime may seem trivial today. But this concept emerged little more than a decade ago and has already dominated the threat landscape.
The Trump administration has named Roger Severino as the new director of the Department of Health and Human Services' Office for Civil Rights, which enforces HIPAA and protects patients rights. Meanwhile, it remains unclear who will lead the Office of the National Coordinator for Health IT.
Under HIPAA, the theft or loss of encrypted computing or storage devices is not considered a reportable data breach. But a recent incident at a Kentucky-based healthcare organization demonstrates that making a determination on whether an incident is a reportable breach isn't always clear-cut.
Several recent health data security incidents serve as reminders of why healthcare entities need to stay focused on efforts to prevent and detect insider breaches, even as attention is diverted by headlines about hacker attacks.