A Florida company will pay nearly $300,000 to settle allegations stemming from a 2020 hacking incident that revealed the personal identifying information of hundreds of thousands of minors. The settlement with Jelly Bean Communications Design is part of a federal crackdown on lax cybersecurity.
A cancer patient whose partially naked exam photos and personal data were stolen and subsequently posted on a ransomware leak site last month filed a proposed class action lawsuit, alleging that Lehigh Valley Health Network's refusal to pay the ransom "prioritized money over patient privacy."
A provider of online mental health services is notifying nearly 3.2 million people that the company used website tracking tools to share sensitive patient information with third parties including Facebook, Google and TikTok - without the individuals' consent.
President Joe Biden's budget request for fiscal 2024 includes a big proposed boost for the federal office charged with enforcing privacy and security within the healthcare industry. The proposal asks for $78 million in appropriations for the Office of Civil Rights.
The Department of Health and Human Services and the Health Sector Coordinating Council on Wednesday published an updated toolkit that aims to help healthcare entities align security programs with the National Institute of Standards and Technology's Cybersecurity Framework.
Privacy concerns involving the tracking, collection and disclosure of sensitive health data of consumers - without their knowledge or consent - remain top enforcement priorities for federal regulators, as well as top legislative fodder for some members of Congress.
As healthcare becomes increasingly interconnected, web tracking is easy to overlook but could introduce additional risks to patient privacy. Learn about the different kinds of patient data and the seven recommendations for reducing risk to patients, beneficiaries and the organization.
The Biden administration's national cybersecurity strategy emphasizes bolstering critical infrastructure sector protections, including setting minimum security requirements and enhancing collaboration. But observers says the industry needs more resources and a better security posture to comply.
A case before the U.S. Supreme Court may limit federal prosecutors' ability to bring charges of aggravated identity theft. A Texas man convicted of overbilling Medicaid argued Monday he's not also guilty of identity theft since he had a patient's permission to submit the bill.
With the U.S. COVID-19 public health emergency expected to end in May, the government is set to scrutinize telehealth providers for HIPAA violations. That’s why healthcare firms should review their telehealth platforms and vendors, says privacy attorney Adam Greene of Davis Wright Tremaine.
Five proposed class action lawsuits have been filed so far in the wake of a California medical group's Feb. 1 report of a ransomware attack last December affecting more than 3.3 million individuals. The incident is the largest health data breach reported to federal regulators so far this year.
Federal regulators are working on proposed rule to modify HIPAA to better safeguard the privacy of reproductive health data. The Biden administration last year already issued guidance about the application of the HIPAA Privacy Rule to information about reproductive health.
The attorneys general of Pennsylvania and Ohio have slapped a DNA testing lab with HIPAA settlements totaling $400,000 in the wake of a 2021 hack of a legacy database that affected 2.1 million individuals nationwide, including nearly 46,000 consumers in the two states.
As ransomware attacks continue to target the healthcare industry, cyber risk is now patient safety risk. Unfortunately, many cyber risk management programs are woefully understaffed and resource-constrained. As such, leading healthcare CIOs, CISOs, and Supply Chain executives are rapidly automating best practices and...
Healthcare entities and their vendors should be prepared to show evidence to regulators of how they've implemented "recognized security practices," or RSPs, says Robert Booker, chief strategy officer of HITRUST. "You've got to demonstrate that you align with a framework."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.
