A new watchdog agency report says HHS needs to provide much more guidance on how healthcare organizations should implement controls identified by the NIST Cybersecurity Framework. But some security experts are calling for bolder action - an update of the HIPAA Security Rule.
Why are hacked healthcare records so valuable? It's because stolen patient records often end up for sale on the deep web as part of information packages called "fullz" and "identity kits" used by fraudsters to commit a wide variety of crimes, says James Scott of the Institute for Critical Infrastructure Technology.
B. Vindell Washington, M.D., the new head of the Office of the National Coordinator for Health IT, pledges that the agency's top priority of advancing standards-based interoperable, secure health data exchange will continue under his leadership. But what will happen once a new president is elected?
How do companies in the healthcare industry better manage risk and keep their most valuable data safe when stolen healthcare information commands such a high price on the dark web? Download the case study, "Proactively Challenge Cyber Threats in the Healthcare Industry," to learn how this healthcare organization...
A Florida healthcare provider that treated victims of the Pulse nightclub massacre in June is notifying patients impacted by a breach involving record snooping. The incident spotlights common privacy and security challenges.
Granular patient consent policies - adopted despite HIPAA allowing certain data to be shared without explicit patient consent - can lead to less data being exchanged by healthcare entities, says researcher Julia Adler Milstein of the University of Michigan, who describes results of a new study.
A former Fla. hospital worker has been sentenced to federal prison in a case involving criminal HIPAA violations and tax fraud. Although the prosecution of HIPAA-related crimes are still rare, some experts say such cases could be on the rise.
The recent cyberattack on Banner Health Care, which may have compromised information on as many as 3.7 million individuals, appears to be the largest healthcare data breach reported so far in 2016 - a year that's already seen a string of disturbing hacker attacks. Here's an overview of recent cyberattack trends.
The Democratic Party platform calls for balancing privacy and security concerns, and vice presidential nominee Tim Kaine endorses the formation of a commission to advise Congress on developing digital security and encryption laws.
A Congressional proposal that would allow HHS to offer technical assistance to private-sector efforts aimed at solving the problem of matching the right records to the right patient could pave the way for a significant breakthrough, says Lynne Thomas Gordon, CEO of AHIMA, which represents records professionals.
A Georgia-based orthopedic clinic has confirmed it's one of the victims of cyberattacks by "The Dark Overlord" hacker who recently posted for sale copies of stolen databases he says contain millions of records. But the clinic is tight-lipped about whether it was a victim of extortion.
Evolving criminal and unscrupulous internal threats to healthcare
data networks continue to plant seeds of fear and uncertainty
in the minds of healthcare IT professionals. Those fears are wellfounded;
a recent Information Week survey found that 91 percent
of small healthcare practices in North America say they...
Breach fallout continues to mount in the aftermath of a cyberattack on cloud-based electronic health records vendor Bizmatics, which apparently affected hundreds of thousands of patients. The saga highlights important security lessons for covered entities when it comes to dealing with business associates.
HIPAA has long provided patients with the right to access their own "designated record set" of protected health information. But federal regulators are on a campaign to help patients and healthcare organizations understand records access rights, as well as the related privacy risks.