Sen. Mark Warner (D-Va) recently published a white paper framing cybersecurity as a patient safety issue. The paper suggested several policy updates that could help improve healthcare cybersecurity and encourage healthcare organizations to invest more in cybersecurity, such as the introduction of an incentive program similar to the Meaningful Use program that rewards healthcare providers… Read More »
Developers of mobile health apps may be required to comply with certain federal laws such as the FTC Act, FTC Health Breach Notification Rule, Children’s Online Privacy Protection Act (COPPA), Health Insurance Portability and Accountability Act (HIPAA), Federal Food, Drug and Cosmetics Act (FD&C Act), the 21st Century Cures Act, and the ONC’s Information Blocking… Read More »
The security of medical devices is one of the biggest cybersecurity concerns in healthcare. Hospitals continue to add more connected medical devices and by doing so they significantly increase the attack surface. One recent survey found a strong link between the number of connected medical devices at medical practices and the number of cyberattacks they… Read More »
The New York ambulance service, Empress EMS, is facing multiple class action lawsuits over a ransomware attack that was detected on July 14, 2022. The Hive ransomware group was behind the attack, and as per the group’s modus operandi, after gaining access to the network, sensitive files were stolen, then files were encrypted. According to… Read More »
The COVID-19 vaccination statuses of approximately 500,000 Department of Veterans Affairs employees have been impermissibly disclosed. According to the VA, a spreadsheet containing employee names and their vaccination statuses was placed on SharePoint without appropriate access permissions being set and an email with a link to the spreadsheet was sent on behalf of the Veterans… Read More »
Amazon has announced that it will stop support for third-party HIPAA-eligible skills for its Alexa devices, which means developers will no longer be able to create Alexa skills that collect data covered under the Health Insurance Portability and Accountability Act (HIPAA). Amazon launched its HIPAA-compliant Alexa feature in April 2019, with skills added for patients… Read More »
Achieving and maintaining compliance with the Privacy, Security, Breach Notification, and Omnibus Rules of the Health Insurance Portability and Accountability Act (HIPAA) can be a challenge for HIPAA-regulated entities. One of the easiest approaches is to seek assistance from a third-party compliance company such as Compliancy Group. Compliancy Group was founded in 2005 by former… Read More »
The medical Internet of Things (IoT) is helping to improve efficiency and make healthcare more patient-centric; however, as hospitals increase the number of networked medical devices, the attack surface increases, giving malicious actors more opportunities to conduct attacks. Connected devices with IoT sensors such as insulin pumps, defibrillators, and glucose monitors often have vulnerabilities that… Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint cybersecurity advisory about Cuba Ransomware and have shared details of the tactics, techniques, and procedures (TTPs) used by the group, along with Indicators of Compromise (IoCs) to help network defenders improve their defenses against attacks and rapidly… Read More »
CommonSpirit Health has provided an update on its October 2022 ransomware attack and has confirmed that the threat actors behind the attack accessed files containing patient information. The attack was detected by CommonSpirit Health on October 2, 2022, and action was immediately taken to secure its network. While the attack caused disruption at its healthcare… Read More »