Category Archives: Latest Posts

Patch Due for Release on November 1, 2022 to Fix Critical OpenSLL Vulnerability

A warning has been issued to the healthcare and public health sector about a critical vulnerability in the OpenSSL software library. OpenSLL is an open source cryptographic library that is used by most operating systems and applications for implementing Transport Layer Security for secure Internet communications, including connections to websites and web applications. The OpenSSL… Read More »

CISA Publishes Voluntary Cybersecurity Performance Goals for Critical Infrastructure Organizations

A set of cross-sector Cybersecurity Performance Goals (CPGs) have been published by the Cybersecurity and Infrastructure Security Agency (CISA) for critical infrastructure organizations to adopt to achieve a minimum cybersecurity standard and better protect their networks and systems from attacks that threaten their ability to operate. In response to the May 2021 ransomware attacks on… Read More »

Editorial: 5 Reasons Why HIPAA Training is Important

HIPAA training is important beyond “ticking the box” of HIPAA compliance. In this article, we explain how a fully trained and compliant workforce can deliver multiple benefits for organizations subject to HIPAA and provide 5 reasons why HIPAA training is important. HIPAA training is a requirement of the Privacy and Security Rules. According to the… Read More »

PHI of Almost 34,000 Patients Potentially Compromised in Michigan Medicine Phishing Attack

University of Michigan Health (Michigan Medicine) has recently announced that the protected health information of approximately 33,850 patients has potentially been compromised in a phishing attack. Suspicious activity was detected within its email environment and steps were immediately taken to secure the accounts to prevent further unauthorized access. Michigan Medicine said it was targeted in… Read More »

Only One in Five Organizations Follow the 3-2-1 Rule for Data Backups

The healthcare industry is an attractive target for cybercriminals and data thieves. Healthcare organizations store vast amounts of sensitive data that can be easily monetized. Large health systems are often targeted due to the high ransoms that can be demanded, as the recent attack on CommonSpirit Health demonstrated; however, attacks are conducted on healthcare organizations… Read More »

CHIME Urges FTC to Stringently Enforce Health Breach Notification Rule

The College of Healthcare Information Management Executives (CHIME) has recently provided feedback to the Federal Trade Commission (FTC) on its Advance Notice of Proposed Rulemaking (ANPR) on the Trade Regulation Rule on Commercial Surveillance and Data Security and has urged the FTC to hold health apps and data brokers accountable for illegal disclosures of health… Read More »

RIPTA, UnitedHealthcare of New England Sued Over 2021 Data Breach

The American Civil Liberties Union of Rhode Island (ACLU of RI) is taking legal action against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare New England (UHC) over an August 2021 data breach that affected more than 22,000 individuals. According to RIPTA, a cyberattack on its systems was detected and blocked on August 5,… Read More »