In its second HIPAA settlement revealed this week, federal regulators smacked a New York-based medical research institute with a multimillion dollar penalty after investigating a breach tied to the theft of an unencrypted laptop containing data on several thousand patients and participants in a research project.
Federal regulators have imposed a $1.55 million penalty on a Minnesota healthcare system as part of a settlement following an investigation of a breach involving a business associate. The vendor has already been sanctioned by two other government entities for the same stolen laptop incident.
In an unusual twist, a missing unencrypted laptop containing data on nearly 206,000 patients has been returned by mail to Premier Healthcare, a physician group practice in Indiana. But some experts say the organization might have violated the HIPAA Security Rule.
The HHS Office for Civil Rights is moving too slowly in issuing HIPAA guidance related to mobile health apps, cloud storage and other emerging technologies, according to a bipartisan group of congressmen. Does OCR have too much on its plate?
The nonstop pace of "Apple vs. FBI" updates and related crypto debates seemed to exceed both the U.S. government's and the information security industry's advanced persistent spin-cycles at this year's RSA Conference.
This could be a record year for HIPAA enforcement actions by federal regulators, both in the number of resolution agreements and in the size of financial settlements resulting from breach investigations, predicts privacy attorney Adam Greene.
It's springtime in San Francisco: cue the annual RSA Conference. Here are some notable trends that have already emerged from the event, ranging from ransomware and phishing attacks to hacker self-promotion and Facebook fakery.
The HHS Office for Civil Rights is making progress toward launching the long awaited next round of HIPAA compliance audits, which will consist mostly of desk audits. In a critical step, it plans to release its proposed new audit protocol in April, says Deven McGraw, OCR's deputy director of health information privacy.
Despite the pervasiveness of data breaches, healthcare organizations are still playing catch-up on implementing strong, risk-based security programs, rather than focusing solely on HIPAA compliance, says David Finn of Symantec. He offers a preview of his session at the HIMSS 2016 Conference about a new survey.
To the list of vulnerable, Internet-connected devices - from routers and home alarms to baby monitors and toys - now add the world's most popular electric car: the Nissan LEAF. Nissan says a full fix is forthcoming.
As a result of high-profile breaches, emerging malware threats and increased regulatory scrutiny, CISOs at financial institutions are under more pressure than ever to develop innovative strategies for enhancing cybersecurity. And the CISO's evolving role will be a hot topic at RSA Conference 2016.
If recent cyberattacks on healthcare organizations - including the ransomware attack on Hollywood Presbyterian Medical Center - tell us anything, it's that better cyber threat intelligence sharing is desperately needed. A project led by Harris Health Systems aims to help identify the gaps that need to be addressed.
Federal regulators have issued new guidance to clarify scenarios where HIPAA privacy and security regulation might apply, including for mobile health applications and electronic data exchange. Why are some organizations still so confused?