OCR Presents: How the Security Rule Can Help Defend Against Cyber-Attacks

The HHS Office for Civil Rights (OCR) will be producing a pre-recorded webinar for HIPAA covered entities and business associates (collectively, “regulated entities”) discussing how the Security Rule can help regulated entities defend against cyber-att…

IOCTA spotlight report on malware-based cyber-attacks published

Following the Internet Organised Crime Assessment (IOCTA) 2023, today Europol published the spotlight report “Cyber Attacks: The Apex of Crime-as-a-Service”. It examines developments in cyber-attacks, discussing new methodologies and threats as observe…

HHS Office for Civil Rights Settles with L.A. Care Health Plan Over Potential HIPAA Security Rule Violations

LA Care, the largest publicly operated health plan in the country, paid $1,300,000 to settle. Today, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) announced a settlement of potential violations of the Health Insurance Po…

An inexcusable gap from breach to notification, or an excusable one?

Some state and federal laws provide specific timeframes by which breached entities must provide notice to regulators and to those affected by a data breach. Unfortunately, loopholes abound, as we have seen in statutory language such as Minnesota’s bre…

The Government Isn’t Sure How to Get Small Hospitals to Take Cybersecurity Seriously

Eric Geller reports: The U.S. government is struggling to convince hospitals that they need to spend time and money fighting hackers and provide useful advice to them, a problem that could have lethal consequences as the country’s ransomware crisis rag…

Health Data and Investigations: Between a Rock and a Hard Place

Matt Fisher writes: Demands for medical records can stem from a variety of investigations, which can involve a myriad of sources. The most recent example driving headlines is an investigation involving Vanderbilt University Medical Center (“VUMC”). VUM…

One year later, Tift Regional Medical Center notifies patients of Hive attack

In September 2022, DataBreaches broke the story of how Hive had attacked Tift Regional Medical Center in Georgia between July and August. The attack did not involve encryption of systems but Hive claimed to have exfiltrated about 1 TB of data, includin…

ChatGPT and data protection laws: Compliance challenges for businesses

In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also discus…