A checklist to help healthcare organizations respond to a serious cyberattack

How should organizations in the healthcare sector respond to outage due to a serious cyberattack? The Healthcare and Public Health Sector Coordinating Council’s (HSCC) Cybersecurity Working Group (CWG) has released a tactical checklist aimed at h…

Five ransomware groups, five victims… will it ever ease up?

The following is a snapshot of recent attacks on U.S. healthcare entities by ransomware teams. #1 First Choice Community Healthcare – Hive Hive threat actors have never sworn off attacking the healthcare sector. In addition to claiming that they …

ANNOUNCE: HHS’ Office for Civil Rights Seeks Public Comment on Recognized Security Practices and Sharing Civil Money Penalties and Monetary Settlements Under the HITECH Act

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) today released a Request for Information (RFI) seeking input from the public on two requirements of the Health Information Technology for Economic and Clinical Health…

Data privacy laws are an opportunity to become more honest in reaching your target audience

Data privacy regulations are designed to give consumers more transparency into and control over how their data is collected, shared and used, especially as more consumers grow concerned about how their data is accessed and used by big data companies. A…

HIPAA: The Who: Plans, Providers, and Clearinghouses, and the First of the Rule of 3s.

With all the wildly erroneous claims made by people about what is covered by HIPAA, here’s a great explainer by attorney Jeff Drummond on exactly what kinds of entities ARE covered by HIPAA (Spoiler alert: yes, your local bar CAN ask you your vac…

Data security in the age of insider threats: A primer

Of course, your employees are diligent, security conscious and loyal. But the real world tells a different story. A grand total of 94% of organizations had an insider data breach in the past year, with 84% of the data breaches resulting from human erro…

If Your Disclosure of a Data Breach Was “Late,” You May Have to Litigate

Jean E. Tomasco of Robinson & Cole writes about a breach involving an accounting firm that is a business associate to a number of covered entities. This month, the firm, Bansley & Kierner, issued a notice and started notifying individuals and H…

Drata announces automated HIPAA compliance to safeguard protected health information

Drata released its automated HIPAA compliance, empowering companies to comply with the federal law addressing protected health information (PHI). HIPAA is the third addition to Drata’s framework offering, joining SOC 2 compliance and ISO 27001 certific…