Collaborate Disseminate
From HHS, this interesting press announcement: Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’ Manag… Continue reading HHS announces its first settlement in a ransomware case: Doctors’ Management Services
In recognition of National Cybersecurity Awareness Month, OCR has produced a new video this October for organizations covered under the HIPAA Rules on how the HIPAA Security Rule can help regulated entities defend against cyber-attacks. The video is av… Continue reading OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks
From HHS OCR: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement Threats and vulnerabilities to electronic protected health information (ePHI) in today’s healthcare environment are numerous and varied. ePHI is under constant threat from m… Continue reading October 31: OCR Webinar on The HIPAA Security Rule Risk Analysis Requirement
From HHS’s October cybersecurity newsletter: Last year, the Department of Health and Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) released a threat brief on the different types of social engineering1 that hackers us… Continue reading HIPAA requires employers to sanction employees who violate HIPAA. Did you know that?
Indiana Attorney General Rokita led a coalition of 33 attorneys general in a multi-state investigation and litigation against health care clearinghouse Imnediata stemming from a breach disclosed in 2019. Background In January 2019, HHS OCR alerted Inme… Continue reading Inmediata settles multi-state litigation for $1.14 million; will improve data security and breach notification practices
I am a sysadmin, though not security-specific. I was recently stunned to receive an automated email from my physician’s office (in USA) containing an HTTP link to their website for the completion of preregistration forms.
Starting on a cl… Continue reading Proper HIPAA security
The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-att… Continue reading OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks
Following the Internet Organised Crime Assessment (IOCTA) 2023, today Europol published the spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”. It examines developments in cyber-attacks, discussing new methodologies and threats as observe… Continue reading IOCTA spotlight report on malware-based cyber-attacks published
LA Care, the largest publicly operated health plan in the country paid $1,300,000 to settle Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Po… Continue reading HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations
Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we seen in statutory language such as Minnesota’s bre… Continue reading An inexcusable gap from breach to notification, or an excusable one?