Two hacking incidents involving vendors providing important IT-related and other services to dozens of covered entity clients are among the latest breaches affecting hundreds of thousands of individuals' data and show how mounting reliance on third parties creates increased risk to patient data.
Another proposed federal class action lawsuit alleges Facebook uses its Pixel tracking tool to collect millions of individuals' sensitive health data from healthcare provider websites without patients' knowledge or consent. HIPAA prohibits the use of PHI for marketing purposes without consent.
The report from Israeli publisher Globes that CrowdStrike plans to spend $2 billion buying one or more Israeli cybersecurity companies sent shockwaves through the industry. Here's a look at six security startups with a large presence in Israel that could be a good fit for CrowdStrike.
Big, bad bugs - including the likes of Heartbleed, BlueKeep and Drupalgeddon - never seem to burn out. Instead, they just slowly fade away, despite the risk that attackers will successfully exploit them to steal data, seize control of systems or deploy ransomware.
New draft guidance from the National Institute of Standards and Technology - if properly applied by HIPAA regulated entities - could help organizations avoid fines and similar enforcement actions by regulators in the wake of breaches, some experts say.
Getting cybersecurity right means CISOs need peer relationships with other operations executives. CISOs need board access and a handle on the company business, writes Ian Keller, director of security at a telecom company. "And then you'll wake up and realize this is not as simple as it sounds."
A slew of HIPAA enforcement actions is a sign that regulators are impatient with the short shrift that many medical providers give to providing patients access to their health information. No fewer than 11 of the last dozen HIPAA fines focus on a right of access dispute.
Many healthcare sector entities are undertaking projects involving the collection, analysis and sharing of large volumes of health data. But along with those efforts come critical privacy and security concerns, says attorney Iliana Peters of Polsinelli.
While 52% of organizations in a SANS survey reported having high confidence in their visibility of north-south traffic, only 17% said the same about knowing what's happening within their networks.
Please don't pay ransoms, authorities continue to urge. Britain's lead cyber agency and privacy watchdog are now making that appeal directly to legal advisers, warning them that paying a ransom offers no data protection upsides and won't lessen any fine they might face.
The Biden administration continues to react to the Supreme Court's overturn of precedent guaranteeing a constitutional right to abortion, issuing Friday an executive order that includes provisions to help safeguard the privacy of patients' data.
Google's move to soon begin deleting location history pertaining to individuals' visits to facilities offering sensitive healthcare services is a step in the right direction, but experts say technology firms and others could do more to better protect the privacy of health data.
A ransomware attack on an accounts receivables management firm has affected hundreds of healthcare clients - including dental practices, physician groups and hospitals, resulting in one of the largest health data breaches involving a vendor so far this year.
Location data, browser history, IP addresses, and appointment scheduling are among the sensitive data putting individuals' privacy at risk in the wake of the decision to overturn Roe v. Wade, says Alexandra Reeve Givens of the Center for Democracy and Technology.
To help improve HIPAA breach reporting, the Department of Health and Human Services should implement a formal mechanism for organizations to communicate with regulators about that process, according to a new report from the Government Accountability Office.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.