Features
Features
-
Breaking down New York's hospital cybersecurity regulations
New York's hospital cybersecurity regulations include 72-hour incident reporting and other requirements to bolster cybersecurity programs in the state's general hospitals. Continue Reading
-
Mitigating risk as healthcare supply chain attacks prevail
A focus on cyber resilience is essential for mitigating the risk of healthcare supply chain attacks, which have the potential to cause widespread disruptions. Continue Reading
-
Navigating cyber insurance coverage as threats evolve
The evolving cyberthreat landscape makes cyber insurance coverage decisions difficult for underwriters and healthcare organizations alike. Continue Reading
-
Exploring today's top rural healthcare cybersecurity challenges
Financial troubles and an ongoing cyber workforce shortage are some of the factors contributing to persisting rural healthcare cybersecurity challenges. Continue Reading
-
Top considerations for HIPAA-compliant cloud computing
HIPAA-compliant cloud computing is essential to reducing security, privacy and legal risks within a healthcare organization. Continue Reading
-
Understanding NIST's post-quantum cryptography standards
NIST encouraged organizations to implement its three post-quantum cryptography standards to prepare for the emergence of powerful quantum computers that could threaten security. Continue Reading
-
Understanding healthcare data breach lawsuit trends
Lawsuits often follow a healthcare data breach, but understanding what drives litigation trends can help healthcare organizations prepare. Continue Reading
-
What health IT pros can learn from the CrowdStrike outage
Following the CrowdStrike outage, experts recommended that health IT security practitioners focus on building resilience and tackling third-party risk. Continue Reading
-
What is the Health Breach Notification Rule, Who Does It Apply To?
The Federal Trade Commission’s Health Breach Notification Rule applies to vendors of personal health records, including health apps and other non-HIPAA-covered entities. Continue Reading
-
Breaking Down the NIST Cybersecurity Framework, How It Applies to Healthcare
Healthcare organizations can strengthen their overall security postures by using the NIST Cybersecurity Framework's collection of standards and best practices. Continue Reading
-
How HHS-OIG conducts cybersecurity audits
Healthcare organizations and HHS entities can use the recommendations provided in HHS-OIG cybersecurity audit reports to strengthen the security of their systems. Continue Reading
-
Change Healthcare cyberattack exposes cybersecurity concerns
The Change Healthcare cyberattack has sparked conversations about third-party risk management, the importance of MFA, and the effects of consolidation in healthcare. Continue Reading
-
How updated third-party tech guidance affects compliance efforts
In its updated bulletin on third-party tracking tech, OCR doubled down on its stance that an IP address of a device accessing certain parts of a covered entity’s website constitutes PHI. Continue Reading
-
How Health First navigated incident response for Change Healthcare cyberattack
A well-practiced runbook helped Health First, an integrated delivery network in Florida, swiftly respond to the Change Healthcare cyberattack, though not without lessons learned. Continue Reading
-
3 ways to prepare for impending HIPAA Security Rule updates
Covered entities and business associates should prepare for changes as HHS plans to update the HIPAA Security Rule this spring. Continue Reading
-
Understanding the Impact of the Change Healthcare Cyberattack on Providers
From major pharmacy chains to independently owned practices, providers across the country are facing significant operational challenges as the Change Healthcare outages continue. Continue Reading
-
Healthcare Faces Uncertainty Amid Change Healthcare Cyberattack
Business continuity remains paramount as the fallout from the Change Healthcare cyberattack continues. Continue Reading
-
Exploring the Health Industry Cybersecurity Practices (HICP) Publication, How to Use It
The Health Industry Cybersecurity Practices (HICP) publication can be a key asset to improving cybersecurity within healthcare organizations of all sizes. Continue Reading
-
How HHS Cybersecurity Performance Goals Will Impact Healthcare
The HHS cybersecurity performance goals are voluntary at the moment but will likely be the basis for future cyber mandates in healthcare. Continue Reading
-
How the Executive Order on AI Will Impact Healthcare Cybersecurity
President Biden’s executive order on safe, secure, and trustworthy AI emphasizes the need to establish rigorous security standards, which will have an impact on healthcare cybersecurity. Continue Reading
-
This Year’s Largest Healthcare Data Breaches
More than 540 organizations reported healthcare data breaches to HHS in 2023, impacting upwards of 112M individuals. Continue Reading
-
What the 23andMe Data Breach Reveals About Credential Stuffing
Using credential stuffing, hackers did not even need to access internal systems at 23andMe to cause a large-scale leak impacting 6.9M individuals. Continue Reading
-
Understanding the Nuances of the Healthcare Cybersecurity Regulatory Landscape
A patchwork of key healthcare cybersecurity and privacy regulations aim to keep cyber threats at bay, but compliance can be challenging. Continue Reading
-
How the DIGIHEALS Project Is Tackling Cybersecurity Technology Gaps
HHS launched the Digital Health Security (DIGIHEALS) project to protect healthcare’s electronic infrastructure from cyberattacks and fund innovative research initiatives. Continue Reading
-
Communicating With a Patient’s Family Under the HIPAA Privacy Rule
Providers must ensure that they are following the HIPAA Privacy Rule when choosing to disclose a patient’s protected health information with the patient’s family and friends. Continue Reading
-
What is a Zero-Day Attack, How Can Healthcare Defend Against Them?
Zero-day attacks pose significant dangers to the healthcare sector, but defenders can mitigate risk by patching early and often. Continue Reading
-
How HHS Plans to Prioritize Healthcare Cybersecurity
At the HIMSS Healthcare Cybersecurity Forum, HHS representatives discussed healthcare cybersecurity focus areas for the next 12 to 24 months. Continue Reading
-
What is SEO Poisoning, How Can Healthcare Defend Against It?
Threat actors lure victims into clicking on seemingly credible links by optimizing malicious web pages through a tactic known as SEO poisoning. Continue Reading
-
Biggest Healthcare Data Breaches Reported This Year, So Far
More than 39 million individuals have been impacted by healthcare data breaches reported in the first half of 2023 alone. Continue Reading
-
Key Ways to Prepare For Revamped Medical Device Security Requirements
Medical device manufacturers will have to adjust their premarket activities to prepare for Oct. 1st, when the FDA will begin refusing medical device submissions for cybersecurity reasons. Continue Reading
-
3 Best Practices For Maturing Healthcare Third-Party Risk Management
Panelists discussed top third-party risk management challenges and best practices at the HealthITSecurity Virtual Summit. Continue Reading
-
How the HSCC is Bridging the Gap Between Cyber Haves and Have-Nots
Recognizing that patient safety and cybersecurity are inextricably linked is a crucial step in strengthening the security posture of the healthcare sector, HSCC leader Greg Garcia suggested at the HealthITSecurity Virtual Summit. Continue Reading
-
Aligning Substance Abuse Confidentiality Regulations With HIPAA to Enhance Compliance
Covered entities are awaiting a final rule that would align the Confidentiality of Substance Use Disorder (SUD) Patient Records regulations under 42 CFR part 2 with HIPAA. Continue Reading
-
How to Properly Dispose of Electronic PHI Under HIPAA
HIPAA requires covered entities to implement appropriate safeguards to protect electronic PHI throughout its lifecycle. Continue Reading
-
How to Properly Dispose of Paper Medical Records, Physical PHI Under HIPAA
HIPAA requires covered entities to implement appropriate administrative, technical, and physical safeguards to protect PHI at all times, even when disposing of it. Continue Reading
-
3 Trends From the HIMSS Healthcare Cybersecurity Forum
Enhancing collaboration and communication, managing third-party risk, and balancing innovation with security were among the top trends discussed at this year’s HIMSS Healthcare Cybersecurity Forum. Continue Reading
-
Exploring the HIPAA Privacy Rule’s Right of Access Provisions
HIPAA-covered entities must comply with the HIPAA Privacy Rule’s right of access provisions, which ensure that patients have access to their health records in a timely and cost-effective manner. Continue Reading
-
How Cybersecurity Vulnerability Disclosures Help the Healthcare Community
Cybersecurity vulnerability disclosures are essential to spreading awareness, increasing transparency, and encouraging collaboration in the healthcare community. Continue Reading
-
How BCBS MA Combats DME, Telemedicine Fraud Schemes
With just a snippet of personal information, scammers are roping in providers and tricking seniors into elaborate DME and telemedicine fraud schemes. Continue Reading
-
How Healthcare is Tackling Patient Privacy in a Post-Roe World
The Supreme Court’s decision in Dobbs v. Jackson Women’s Health Organization will require providers, regulators, and tech companies to rethink patient privacy. Continue Reading
-
How to Identify, Address Insider Threats in Healthcare
Stories of malicious external threat actors may dominate headlines, but insider threats can be equally damaging to healthcare cybersecurity. Continue Reading
-
Increasing API Adoption While Addressing Healthcare Cybersecurity Concerns
With healthcare cybersecurity best practices in mind, API adoption can help organizations increase interoperability, efficiency, and security. Continue Reading
-
Operational Technology (OT) Security Risks, Best Practices in Healthcare
As healthcare becomes increasingly interconnected, organizations should prioritize operational technology (OT) security efforts alongside IT security. Continue Reading
-
Common HIPAA Administrative Safeguards Under The HIPAA Security Rule
HIPAA administrative safeguards are crucial measures that all covered entities must consider under the HIPAA Security Rule. Continue Reading
-
Common HIPAA Physical Safeguards Under The HIPAA Security Rule
HIPAA physical safeguards are crucial to protecting electronic protected health information (ePHI) and are essential to maintaining HIPAA compliance. Continue Reading
-
Common Types of Social Engineering, Phishing Attacks in Healthcare
Phishing remains one of the most effective social engineering attacks used against healthcare organizations. Continue Reading
-
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule protects patient privacy while enabling the flow of health information. Continue Reading
-
What is the HIPAA Security Rule?
The HIPAA Security Rule requires covered entities and business associates to implement technical, physical, and administrative safeguards. Continue Reading
-
Responding To a Healthcare Ransomware Attack: A Step-By-Step Guide
With a comprehensive incident response plan, organizations can respond to healthcare ransomware attacks efficiently and effectively. Continue Reading
-
Misconceptions About HIPAA, Interoperability, Information Blocking
At the HealthITSecurity virtual summit, panelists discussed common misconceptions surrounding HIPAA, interoperability, and information blocking. Continue Reading
-
Is the Proliferation of Cybersecurity Vendors Helping or Hurting Healthcare?
The proliferation of cybersecurity vendors calls for wiser investment decisions rather than inflated budgets, Michael Carr explained at the HealthITSecurity Virtual Summit. Continue Reading
-
What Is Holding Healthcare Back From Digital Transformation?
Barriers to digital transformation in healthcare include the ongoing cybersecurity workforce shortage and the sector's reliance on legacy systems. Continue Reading
-
The Quest to Improve Security, Privacy of Third-Party Health Apps
WEDI and the Confidentiality Coalition proposed recommendations for improving the transparency, security, and privacy of third-party health apps with access to PHI. Continue Reading
-
Your Responsibilities Under the HIPAA Breach Notification Rule
After experiencing a PHI breach, HIPAA-covered entities and business associates must comply with reporting requirements under the HIPAA Breach Notification Rule. Continue Reading
-
Driving Digital Transformation in Healthcare With Industry Clouds
Industry clouds allow healthcare organizations to accelerate digital transformation and tailor cloud technology to specific business needs. Continue Reading
-
HIPAA Technical Safeguards: A Basic Review
It’s critical to review the requirements of HIPAA technical safeguards to ensure that your healthcare organization is compliant and able to keep PHI safe. Continue Reading
-
What Is a HIPAA Business Associate Agreement (BAA)?
HIPAA-covered entities must have a business associate agreement (BAA) in place with each of their partners to maintain PHI security and overall HIPAA compliance. Continue Reading
-
Managing Telehealth, Remote Patient Monitoring Security Concerns
Industry experts weigh in on how the healthcare sector can manage telehealth and remote patient monitoring security concerns. Continue Reading
-
PCI Compliance Versus HIPAA Compliance In Healthcare
Maintaining PCI compliance and HIPAA compliance can help healthcare organizations protect all forms of patient data, from medical information to credit card numbers. Continue Reading
-
Adopting Defense In Depth Strategies to Combat Healthcare Cyberattacks
The AHA’s John Riggi and Attivo Networks' Carolyn Crandall share insights on how organizations can navigate current healthcare cyber threats by using defense in depth strategies. Continue Reading
-
Pros and Cons of Public, Private, Hybrid, Multi-Cloud Architectures
Healthcare organizations must consider scalability and security risks when it comes to choosing between a public, private, hybrid, or multi-cloud architecture. Continue Reading
-
Why Endpoint Security is Critical For Healthcare Cybersecurity
Endpoint security should be the cornerstone of any healthcare organization’s cybersecurity architecture. Continue Reading
-
Is Killware Really the Next Evolution of Healthcare Ransomware Attacks?
"Killware" may sound more threatening, but traditional, financially motivated cyberattacks are still the biggest risk to healthcare cybersecurity. Continue Reading
-
Security, Privacy Risks of Artificial Intelligence in Healthcare
As regulatory agencies work to catch up to technological advances, the security and privacy risks of artificial intelligence in healthcare remain. Continue Reading
-
Top Healthcare Cybersecurity Challenges, How to Overcome Them
With a multitude of critical data and patient safety hanging in the balance, there is a unique set of healthcare cybersecurity challenges that must be carefully considered. Continue Reading
-
Using Software Bill of Materials (SBOMs) For Medical Device Security
Software bill of materials (SBOMs) enable healthcare organizations to manage medical device security risks while promoting transparency between manufacturers and providers. Continue Reading
-
How to Implement a Cyber Incident Response Plan for Healthcare
Creating a comprehensive cyber incident response plan can help healthcare organizations maintain reputation and patient safety. Continue Reading
-
Status, Challenges of Information Blocking Rule Compliance
The Information Blocking Rule compliance deadline passed in April 2021, but questions about electronic health information sharing remain. Continue Reading
-
3 Keys to Third-Party Risk Management at WellSpan Health
WellSpan Health’s third-party risk management strategy focuses on assessing vendors, managing employee and non-employee access, and collaborating to mitigate risk. Continue Reading
-
3 Barriers to Achieving Medical Device Security
Medical device security challenges include a lack of visibility, out-of-date devices, and an ever-changing threat landscape. Continue Reading
-
The Threat of Distributed Denial-Of-Service Attacks in Healthcare
Rapid7’s chief data scientist explores the threat of distributed denial-of-service (DDoS) attacks in healthcare and how to prevent the emerging threat. Continue Reading
-
FIN12 Ransomware: Why It’s a Healthcare Threat, How to Prevent an Attack
FIN12 is efficient, unpredictable, and unafraid of targeting the healthcare sector, Mandiant experts warn. Continue Reading
-
The Importance of Third-Party Risk Assessments in Healthcare
Jeremy Huval, chief innovation officer at HITRUST, explains the importance of conducting third-party risk assessments to safeguard healthcare organizations. Continue Reading
-
Exploring Zero Trust Security in Healthcare, How It Protects Health Data
A zero trust security model can help healthcare organizations safeguard their interconnected networks and devices while protecting sensitive health data. Continue Reading
-
2021’s Top Healthcare Cybersecurity Threats, What’s Coming in 2022
EY Americas cybersecurity leader Elizabeth Butwin Mann reviews some of this year’s biggest healthcare cybersecurity threats and discusses what to watch for in 2022. Continue Reading
-
De-Identification of PHI According to the HIPAA Privacy Rule
The two HHS-approved methods for the de-identification of PHI can aid in clinical research while ensuring HIPAA compliance and patient privacy. Continue Reading
-
Key Differences Between PHI and PII, How They Impact HIPAA Compliance
Covered entities must understand the differences between PII and PHI to maintain HIPAA compliance and protect patient data. Continue Reading
-
Can Healthcare Mitigate Risks to the COVID-19 Vaccine Supply Chain?
Hackers are continuing to target and exploit the COVID-19 vaccine supply chain. Providers must leverage all risk mitigation to secure vulnerable technologies. Continue Reading
-
Insights into HHS COVID-19 HIPAA Waivers and Lasting Implications
HHS and OCR have issued several COVID-19 HIPAA waivers around telehealth and data sharing amid the pandemic. But it’s crucial providers keep privacy and security in focus. Continue Reading
-
Can Multi-Factor Authentication Help Healthcare’s Security Posture?
Multi-factor authentication blocks nearly all automated cyberattacks, and most compromised accounts didn’t use the tech. Healthcare’s security posture is in need of improvement. Continue Reading
-
Filling Healthcare Security Staffing Gaps with Virtual CISOs, Students
Over half of organizations still do not have a designated security leader; transitioning internships and virtual CISOs can fill some of those healthcare security staffing gaps. Continue Reading
-
What Is Cyber Insurance for Healthcare Organizations?
In the wake of recent data breaches, healthcare organizations are turning to cyber insurance to offset some of the costs. Here’s what they need to understand about assessing insurers and policies to ensure adequate coverage. Continue Reading
-
Complying with the HIPAA Privacy Rule During Emergency Situations
The last thing on healthcare professionals’ minds in emergency situations is complying with the HIPAA Privacy Rule, but it should be a priority. Continue Reading
-
Perils of Healthcare Phishing and What You Can Do About It
Healthcare phishing is a real danger to everyone in healthcare. In fact, phishing has become the preferred method for hackers to breach healthcare organizations to steal valuable medical data and/or deploy ransomware. Continue Reading
-
Defending Against Healthcare Ransomware Attacks
Healthcare ransomware attacks have become a security nightmare for many organizations over the last couple of years. Here's what you can do to lessen their impact on your organization. Continue Reading
-
Data Security Considerations in Healthcare Interoperability
The national push for healthcare interoperability continues to gain strength, but there are key data security areas that covered entities must consider as they implement new technologies. Continue Reading
-
HIPAA Data Breaches: What Covered Entities Must Know
Covered entities and their business associates need to understand the basics of how HIPAA data breaches are determined, and what they can do to keep information secure. Continue Reading
-
The Role of Risk Assessments in Healthcare
Healthcare risk assessments are not only required under HIPAA regulations, but can also be a key tool for organizations as they develop stronger data security measures. Continue Reading
-
How Ransomware Affects Hospital Data Security
Healthcare ransomware is quickly becoming an industry buzzword, but what is it exactly and how can organizations improve their hospital data security? Continue Reading
-
Increased EHR Adoption Raises Need for Robust Security
Recent cybersecurity attacks on health systems and hospitals shine the light on the importance of EHR security Continue Reading