Healthcare Information Security
  • Remote Access System Hacking Is No. 1 Patient Safety Risk

    October 3, 2018 - Hackers attacking healthcare through remote access systems and disrupting operations is the number one patient safety risk, according to the ECRI Institute’s annual Top 10 Health Technology Hazards for 2019. ECRI Institute said it published 50 cybersecurity-related alerts and problem reports in the last 18 months, a major increase over the prior period. “Remote access...

  • NIST Warns About Cybersecurity Vulnerabilities in Healthcare IoT

    October 1, 2018 - NIST has issued a draft report examining the cybersecurity vulnerabilities and privacy risks posed by Internet of Things (IoT) devices, including healthcare IoT. “Many organizations are not necessarily aware they are using a large number of IoT devices. It is important that organizations understand their use of IoT because many IoT devices affect cybersecurity and privacy...

  • Boston Hospitals Cough Up $1M for ‘Boston Trauma’ HIPAA Violations

    September 20, 2018 - OCR announced Sept. 20 that it has fined three Boston-area hospitals close to $1 million for HIPAA violations involving the filming of ABC’s TV series “Save My Life: Boston Trauma.” OCR reached HIPAA settlements with Boston Medical Center (BMC), Brigham and Women's Hospital (BWH), and Massachusetts General Hospital (MGH) for compromising patients’ PHI when...

  • Vendor Blamed for Health Data Breach Exposing 1,500 BCBSRI Members

    September 17, 2018 - Blue Cross and Blue Shield of Rhode Island (BCBSRI) said that a health data breach of PHI affecting 1,567 people was caused by a vendor responsible for sending benefits explanations to members, the Providence Journal reported. The benefits explanations, or summaries, were sent to the wrong members in the same household or on the same family healthcare plan. The summaries included...


Today's Top Stories

CISOs Need to Be Both Healthcare IT Security and Business Experts

CISOs need to be business experts as well as healthcare IT security experts, observed University of Chicago Medicine VP and CIO Heather Nelson during her Oct. 19 keynote address at the Safeguarding Health Information: Building Assurance...

OCR Drafts NPRM on ‘Good Faith’ Patient Data Disclosure Rules

OCR is drafting a notice of proposed rulemaking (NPRM) on “good faith” disclosures of patient data by healthcare providers in patient emergencies, such as an opioid overdose. This disclosure could be done without the...

NCCoE Unveils Vendor Partners for Medical Device Security Project

The NIST-backed National Cybersecurity Center of Excellence (NCCoE) unveiled this week an initial set of vendor partners for a medical device security project called Securing Picture Archiving and Communication Systems (PACS). The vendor...

PHI on 37K at Risk in Gold Coast Health Plan Phishing Attack

California-based Gold Coast Health Plan (GCHP) reported to OCR Oct. 5 that a phishing attack exposed PHI on 37,005 individuals. In an Oct. 8 news release, GCHP said that attackers compromised an employee’s email account,...

Healthcare Organizations Struggle with Vendor IT Security Risks

BOSTON – Healthcare organizations have a range of approaches for assessing and managing the IT security risks posed by third-party vendors, one of the biggest sources of frustration for security teams. St. Luke’s Health System...

SRA Tool 3.0 Expands Application to More Health Data Security Risks

OCR and ONC have updated their security risk assessment (SRA) tool (3.0) to improve usability and expand its application to a broader range of health data security risks. The agencies developed the tool to help small to medium-sized...

Risk Posed By 3rd-Party Services Is Big Healthcare Security Worry

BOSTON—Security risks posed by integration of third-party patient services will be an ongoing healthcare security concern for organizations, commented Johns Hopkins University and Medicine CISO Darren Lacey during a panel...
