On May 19, 2020, legislative changes to the Washington D.C. data breach notification law took effect. The changes were introduced in March and significantly updated existing breach notification requirements. There has been a major expansion of data classified as personal information that warrants breach notifications if subjected to unauthorized access and new data security requirements… Read More »
The HHS’ Office of Inspector General (OIG) has published a strategic plan for oversight of the COVID-19 response and recovery efforts of the Department of Health and Human Services. OIG will assess how well the HHS has performed in its mission to ensure the health and safety of Americans, determine whether HHS systems and data… Read More »
Palmer, AK-based Mat-Su Surgical Associates has announced it was attacked with ransomware in March. The attack was discovered on March 16 when staff were locked out of its computer systems as a result of the encryption of essential files. A team of independent computer forensics investigators were engaged to assess the nature and scope of… Read More »
Business continuity and disaster recovery plans are important for businesses of all sizes. They help to ensure that in emergency situations, the business can continue to function. In the event of a natural disaster, war, terrorist activity or disease pandemic, the business can continue as normal. Business continuity and disaster recovery plans are a requirement… Read More »
South Texas Children’s Dentistry has been confirmed as having implemented an effective HIPAA Compliance program by Compliancy Group. South Texas Children’s Dentistry had taken steps to comply with the Rules of the Health Insurance Portability and Accountability Act (HIPAA), but to make sure that no aspect of HIPAA had been missed and to ensure continuing… Read More »
While some threat groups have stated that they will not attack healthcare organizations on the frontline in the fight against COVID-19, that is certainly not the case for the operators of NetWalker ransomware, who have been actively targeting the healthcare industry during the COVID-19 public health emergency . Recent research conducted by Advanced Intelligence LLC… Read More »
Four Senators have written to the DHS Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) in response to the recent alert warning COVID-19 research organizations that hackers with links to China are conducting attacks to gain access to COVID-19 vaccine and research data. On May 13, 2020, CISA and the… Read More »
The Health Information Sharing and Analysis Center (H-ISAC) has published a framework for CISOs to manage identity and defend their organization against identity-based cyberattacks. This is the second white paper to be published by H-ISAC covering the identity-centric approach to security. The first white paper explains why an identity-centric approach to cybersecurity is now needed,… Read More »
A joint alert issued has been issued by the IRS, DHS’ Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury to raise awareness of the risk of phishing and other cyberattacks related to the Coronavirus Aid, Relief, and Economic Security (CARES) Act. The CARES Act has made $2 trillion available to support… Read More »
District Medical Group (DMG), an integrated medical group serving patients in Arizona, has started notifying 10,190 patients that some of their protected health information has potentially been compromised. On March 11, 2020, DMG discovered an unauthorized individual had gained access to the email accounts of some of its employees as a result of responses to… Read More »