A ransomware attack that forced a Missouri medical center to divert ambulances carrying trauma and stroke patients to other facilities serves as a reminder of the impact cyberattacks can have on healthcare delivery. What are the lessons to learn?
As the Department of Health and Human Services explores how to spur innovation and investment in the healthcare sector, cybersecurity is among top issues that need to be addressed, some industry organizations stress.
A federal grand jury in Pennsylvania has indicted a former patient coordinator on several counts of wrongfully obtaining and disclosing the health information of others. The case is the latest rare example of prosecutors pursuing criminal charges for HIPAA violations.
A health system's decision to reportedly suspend about a dozen employees for apparently snooping at health records related to the tragic death of a co-worker spotlights the many challenges involved with preventing and detecting insider breaches.
Addressing an important privacy issue, federal regulators have issued guidance to clarify details about how patients should authorize the use or disclosure of their protected health information for future research - and their right to revoke that authorization.
A mental healthcare practice's decision to pay a ransom to have sensitive patient data unlocked illustrates the difficult choices that organizations can face when attempting to recover from a ransomware attack.
Federal regulators plan to craft a new proposal for revamping a HIPAA Privacy Rule provision for "accounting of disclosures" of electronic patient records. Updating that rule was mandated under the HITECH Act, but the modification has been in limbo since 2011.
Although the National Institutes of Health is implementing strong privacy measures as it begins its effort to enroll 1 million volunteers to contribute data to its "All of Us" precision medicine research project, there are still risks involved, says privacy attorney Kirk Nahra.
Some military health facilities haven't consistently implemented security controls, putting patient data at risk, according to a new watchdog agency report. But security experts say the weaknesses are quite common at civilian health facilities as well.
To stay ahead of evolving cyber threats, healthcare entities need to deploy a defense-in-depth strategy that includes tapping more advanced tools, including deception technology, says security expert Elie Nasrallah of HITRUST.
At its core, HIPAA compliance is simply about maintaining patient privacy by ensuring the appropriate access to and use of patient data by your users. Electronic Health Record (EHR) solutions provide detail around when patient data is accessed, but without visibility into what users do with sensitive patient data...
CynergisTek's 2018 report aggregated ratings from security assessments performed at hundreds of healthcare organizations in 2017 to reveal an average 45% conformance with NIST Cybersecurity Framework (NIST CSF). The report found that of the NIST CSF five Core Elements, organizations had the lowest ratings in detecting...