What is Texas HB 300?
What is Texas HB 300, who is required to comply with the legislation, and what are the penalties for noncompliance? This post answers these and other important questions about Texas HB 300. What is...
View ArticleHHS Publishes Cybersecurity Best Practices for Healthcare Organizations
The U.S. Department of Health and Human Services has issued voluntary cybersecurity best practices for healthcare organizations and guidelines for managing cyber threats and protecting patients....
View ArticleIT Service Providers and Customers Warned of Increase in Chinese Malicious...
The Department of Homeland Security (DHS) United States Computer Emergency Readiness Team (US-CERT) has issued an alert about increased Chinese malicious cyber activity targeting IT service providers...
View ArticleClik here to view.
Summary of 2018 HIPAA Fines and Settlements
This post summarizes the 2018 HIPAA fines and settlements that have resulted from the enforcement activities of the Department of Health and Human Services’ Office for Civil Rights (OCR) and state...
View ArticleAdvertising Expenditures Increase 64% Following a Healthcare Data Breach
A recent study has explored the relationship between advertising expenditures and healthcare data breaches. The study shows hospitals significantly increase advertising spending following a data...
View ArticleOCR Seeks Permanent Deputy Director for Health Information Privacy
The U.S. Department of Health and Human Services’ Office for Civil Rights has advertised for a permanent Deputy Director for Health Information Privacy. The position was posted on USAJOBS on January...
View ArticleNew Massachusetts Data Breach Notification Law Enacted
A new Massachusetts data breach notification law has been enacted. The new legislation was signed into law by Massachusetts governor Charlie Baker on January 10, 2019 and will come into effect on April...
View ArticleCMS Completes Rollout of New Medicare Cards 3 Months Ahead of Schedule
Individuals with Medicare have been provided with new Medicare cards without Social Security numbers as part of the Centers for Medicare & Medicaid Services (CMS) efforts to combat fraud and abuse...
View ArticlePhysician Receives Probation for Criminal HIPAA Violation
A physician who pleaded guilty to a criminal violation of HIPAA Rules has received 6 months’ probation and has escaped a jail term and fine. The case concerned the wrongful disclosure of patients’ PHI...
View ArticleState AG Proposes Tougher Data Breach Notification Laws in North Carolina
Following an increase in data breaches affecting North Carolina residents in 2017, state Attorney General Josh Stein and state representative Jason Saine introduced a bill to update data breach...
View ArticleRevised Common Rule Now Effective
The updated Federal Policy for the Protection of Human Subjects (45 CFR part 46), otherwise known as the Common Rule, is now in effect. The compliance date of the revised Common Rule was January 21,...
View ArticleClik here to view.
December 2018 Healthcare Data Breach Report
November was a particularly bad month for healthcare data breaches, so it is no surprise that there was an improvement in December. November was the worst month of the year in terms of the number of...
View ArticleClik here to view.
Analysis of 2018 Healthcare Data Breaches
Our 2018 healthcare data breach report reveals healthcare data breach trends, details the main causes of 2018 healthcare data breaches, the largest healthcare data breaches of the year, and 2018...
View ArticleMultiple Flaws Identified in LabKey Server Community Edition
Security researchers at Tenable Research have discovered multiple flaws in LabKey Server Community Edition 18.2-60106.64 which could be exploited to steal user credentials, access medical data, and run...
View ArticleGDPR Incorporated into the HITRUST CSF
HITRUST has combined the European Union’s General Data Protection Regulation (GDPR) into the HITRUST Cybersecurity Framework (HITRUST HSF) and is working toward the creation of a single framework and...
View ArticlePatches Released to Mitigate Stryker Medical Bed KRACK Vulnerabilities
Nine vulnerabilities have been identified in Stryker Medical Beds. The vulnerabilities could be exploited in a man-in-the-middle attack by an attacker within radio range of vulnerable product to...
View ArticleNew Cybersecurity Framework for Medical Devices Issued by HSCC
The Healthcare and Public Health Sector Coordinating Council (HSCC) has issued a new cybersecurity framework for medical devices. Medical device vendors, healthcare providers, and other healthcare...
View ArticleOregon Health Information Property Act Proposes Paying Patients to Share...
The Oregon Health Information Property Act proposes patients should be allowed to give authorization to their healthcare providers to sell on their health data and to receive payment in exchange for...
View ArticleAetna Settles HIV Status Breach Case with California AG for $935,000
Hartford, CT-based health insurer Aetna has agreed to pay the California Attorney General $935,000 to resolve alleged violations of state laws related to a 2017 privacy violation that exposed state...
View ArticleLegal Action Over Illinois Biometric Information Privacy Act Violations...
The Illinois Supreme Court has ruled that individuals whose privacy has been violated through a breach of the Illinois Biometric Information Privacy Act can take legal action against a private entity,...
View Article