By Frank Zamani – A physician needed to share large imaging files with a specialist. The hospital’s file transfer system was too slow, so she used Dropbox instead. Three months later, a compliance audit revealed PHI for 2,400 patients had been stored on an unauthorized platform, no encryption, no access controls, no business associate agreement. The potential HIPAA penalties: up to $1.7 million.
Read More
By Russell Teague – Why Stronger Mandates Are Necessary and Why Action Cannot Wait – Healthcare organizations are being urged to prepare for an update to the HIPAA Security Rule expected in the early part of this year. The proposed changes would require mandatory twice-annual vulnerability scanning, annual penetration testing, and…
By Devin Partida – Software defects in clinical information technology (IT) systems present a growing legal risk. They can cause patient harm or data breaches, leading to lawsuits. What can health care and IT professionals do to manage this risk?
By Dirk Schrader – Healthcare has always been a mission-driven industry, but it also sits at the intersection of some of the most aggressive cyber threats. Patient records are among the most valuable assets on the black market, and clinical operations are among the least tolerant of downtime.
5 Ways to Keep Your Personal Data Safe – Do you use a fitness tracker, a meditation app, a glucose monitor, or anything that logs your steps or sleep? While these tools can make life easier, they also collect a lot of personal information. Here’s the thing. Not all apps and wearables follow the same rules.
More than 100 hospital systems, healthcare provider organizations, and provider associations have signed a joint stakeholder letter led by CHIME calling on the HHS to withdraw its proposed update to the HIPAA Security Rule and instead engage with healthcare providers to develop a more practical, risk-based cybersecurity framework.
By Scott Anderson – Many behavioral health agencies lack adequate controls to address and recover from a cybersecurity incident. What these agencies need are capabilities such as adequate backup and recovery, managed detection and response, security information and event management, data loss prevention and other key security elements.
By Michael Gray – The healthcare sector’s AI ambitions are accelerating, from augmented telehealth and diagnostics to streamlined billing, claims, and scheduling. But as health systems integrate AI deeper into their workflows, one critical question often gets overlooked: How secure are the models themselves?
By Troy Cruzen: Now that Thanksgiving is behind us and the holiday season is in full swing, this is the time of year when security teams start to worry, and for good reason. Attackers know people are distracted, short-staffed, and ready for some time off.