The Department of Health and Human Services has named Lisa J. Pino - a former Department of Homeland Security official charged with mitigating the massive 2015 cyberattack on Office of Personnel Management - as the new director of its HIPAA enforcement agency.
For combating ransomware, doing the security basics is essential, including keeping systems updated and patched. Don't follow in the footsteps of one technology firm, which Sophos found got hit by Cring ransomware after attackers exploited ColdFusion software that hadn't been patched in 11 years.
Two proposed class action lawsuits filed this week in a California federal court allege negligence and a variety of other claims against UC San Diego Health in the wake of a phishing incident that affected nearly 496,000 individuals.
The acquisition of the SAFE Identity consortium and its trust framework by DirectTrust, best known for creating and maintaining trust frameworks for secure email messaging in healthcare, will help facilitate new secure health information exchange use cases, says DirectTrust CEO Scott Stuewe.
Two eye care entities are among the latest healthcare provider organizations recently reporting hacking breaches each affecting tens of thousands of individuals. One of the incidents involved a foiled wire transfer fraud attempt.
Alaska's Department of Health and Social Services says it is notifying "all Alaskans" that their personal and protected health information may have been compromised in a nation-state-sponsored cyberattack that was detected in May, from which the department is still recovering.
While the wait continues for the Biden administration to name a new leader for the Department of Health and Human Services' Office for Civil Rights, the HIPAA enforcement agency recently issued its 20th settlement to date in a case involving a patient "right of access" dispute.
The FTC warns makers of personal health records, mobile health apps, fitness devices and a variety of similar products and services that they will face stiff civil monetary penalties for failure to comply with the commission's 12-year-old - but never-yet enforced - Health Breach Notification Rule.
While a final rule for enforcement of the 21st Century Cures Act information blocking regulations is slated to be issued this month, some regulators are still uncertain that timeline will stick, or when other related unresolved details will be disclosed.
"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.
A proposed class action lawsuit against Flo Health alleges the fertility-tracking mobile app maker unlawfully shared sensitive consumer health data with Google, Facebook and other software vendors. The lawsuit comes after a recent settlement with the FTC over similar data-sharing privacy concerns.
The Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."
The impact of Hurricane Ida, including huge power outages, points to the importance of healthcare organizations and others having comprehensive business continuity and disaster recovery plans in place for natural disasters as well as cyber incidents.
The Department of Defense did not effectively control access to the health information of high-profile personnel, says a new watchdog agency report, which hints that the findings also may indicate ineffective access control over other DoD employees' health records.
Indianapolis, Indiana-based Eskenazi Health has acknowledged that hackers stole some data and posted it on the darkweb after a ransomware attack. But the organization says it's not yet determined if individuals need to be notified because its investigation is still underway.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.
