By Zac Amos – With cyberattacks in the healthcare industry becoming increasingly prevalent over the past few years, cybersecurity infrastructure has had to develop rapidly. Yet, traditional methods often focus exclusively on technical barriers such as firewalls and encryption. They overlook one of the health sector’s most underappreciated risks: human error.
Read More
By Matt Fisher – Revealing a data breach can be a hard action for an organization to take. The ongoing stream of notifications still generates attention, which is typically not positive when a security breakdown is revealed. At the same time, the notification is (or should be) unavoidable since the HIPAA breach notification rule is clear about what action is necessary.
By Jason Stewart – Despite the fact that the majority of healthcare data breaches are due to the inadequate security of third-party vendors, the vetting of these partners is still uneven across the industry.
By Alix Goss – Changes to how HIPAA-adopted standards are maintained rarely generate much attention. They tend to unfold slowly, behind the scenes, and often become visible only once a new version is formally named in a regulation. That lack of visibility can make it easy to miss early signals about how standards are….
By Erin Rutzler – The new year brings with it all kinds of new opportunities for healthcare fraud, waste, and abuse (FWA) from bad actors. As FWA trends remain as relevant as ever in 2026, one common scheme to stay vigilant against is “phantom providers.”
By Jake Bice – In early 2025, Frederick Health experienced a ransomware attack that affected more than 900,000 patient records and slowed operations for weeks. Frederick Health has permitted us to share this account of what actually occurred during the attack so that other healthcare organizations can learn valuable lessons.
By Zac Amos – Artificial intelligence powers healthcare operations, clinical decision support and administrative efficiency, but cybercriminals use the same tools to carry out more convincing, scalable and adaptive fraud. AI-enabled schemes exploit complex systems, data and human trust, making strong governance, technical controls and organizational awareness essential.
By Frank Zamani – A physician needed to share large imaging files with a specialist. The hospital’s file transfer system was too slow, so she used Dropbox instead. Three months later, a compliance audit revealed PHI for 2,400 patients had been stored on an unauthorized platform, no encryption, no access controls, no business associate agreement. The potential HIPAA penalties: up to $1.7 million.
By Russell Teague – Why Stronger Mandates Are Necessary and Why Action Cannot Wait – Healthcare organizations are being urged to prepare for an update to the HIPAA Security Rule expected in the early part of this year. The proposed changes would require mandatory twice-annual vulnerability scanning, annual penetration testing, and…