Senator Mark Warner (D-VA), Chairman of the Senate Select Committee on Intelligence, has recently published a white paper – Cybersecurity is Patient Safety – that highlights the current cybersecurity challenges facing the healthcare industry and suggests several potential policy changes that could help to improve healthcare cybersecurity and better protect all health information, including health… Read More »

Two class action lawsuits have been filed on behalf of patients whose protected health information (PHI) was impermissibly disclosed to Meta/Facebook as a result of the use of the Meta Pixel JavaScript code snippet on the websites and web applications of Advocate Aurora Health and WakeMed Health and Hospitals. Advocate Aurora Health said the PHI… Read More »

Aveanna Healthcare has agreed to pay a $425,000 financial penalty to the Office of the Attorney General of Massachusetts for failing to implement appropriate safeguards to prevent phishing attacks, in violation of state and federal laws. Aveanna Healthcare operates in 33 states and is the nation’s largest provider of pediatric home care. In the summer… Read More »

The medical claims processor, CorrectCare Integrated Health, has recently notified its clients that the protected health information of some of their patients was accidentally exposed over the Internet and may have been accessed by unauthorized individuals. On July 6, 2022, CorrectCare discovered two file directories on its web server had been misconfigured and could be… Read More »

Several more providers of anesthesia services have confirmed they have been affected by a data breach at their management services organization (MSO). Last month, HIPAA Journal reported that 13 providers of anesthesia services to hospitals had been affected by the breach. At least five more healthcare providers are now known to have been affected. The… Read More »

The White House has issued a proclamation from President Biden declaring November as Critical Infrastructure Security and Resilience Month – A month dedicated to raising awareness of the need to improve critical infrastructure and strengthening the resilience of critical infrastructure against physical and cyber threats. President Biden has recommitted to improving and fortifying critical infrastructure,… Read More »

MFA is one of the most important measures to take to prevent unauthorized account access; however, it does not provide complete protection and some forms of MFA can be circumvented. Any form of MFA is better than none at all, but for maximum protection, organizations should implement phishing-resistant MFA, especially in industries such as healthcare… Read More »

Last week, the OpenSSL Project announced a patch would be released on November 1, 2022, to address a critical OpenSLL vulnerability, the details of which were being kept secret to prevent exploitation of the flaw ahead of the patch being released. The news of the vulnerability caused considerable concern amongst the open source community and… Read More »

The Department of Health and Human Services (HHS)’ Office for Civil Rights (OCR) has released a video presentation on its YouTube channel that explains in detail how the 2021 HITECH Act amendment regarding “Recognized Security Practices” applies to HIPAA-regulated entities, and how HIPAA-regulated entities can demonstrate to OCR that Recognized Security Practices have been in… Read More »

Polygon, a West Hollywood-based psychology practice that provides remote diagnostics for dyslexia, dysgraphia, dyscalculia, ADHD, and other learning differences, has recently been confirmed as having implemented an effective HIPAA compliance program and was verified as in full compliance with the regulatory standards of the HIPAA Privacy, Security, Breach Notification and Omnibus Rules and the HITECH… Read More »