Patch Due for Release on November 1, 2022 to Fix Critical OpenSSL Vulnerability

A warning has been issued to the healthcare and public health sector about a critical vulnerability in the OpenSSL software library. OpenSSL is an open source cryptographic library that is used by most operating systems and applications for implementing Transport Layer Security for secure Internet communications, including connections to websites and web applications. The OpenSSL…

CISA Publishes Voluntary Cybersecurity Performance Goals for Critical Infrastructure Organizations

A set of cross-sector Cybersecurity Performance Goals (CPGs) has been published by the Cybersecurity and Infrastructure Security Agency (CISA) for critical infrastructure organizations to adopt to achieve a minimum cybersecurity standard and better protect their networks and systems from attacks that threaten their ability to operate. In response to the May 2021 ransomware attacks on…

Editorial: 5 Reasons Why HIPAA Training is Important

HIPAA training is important beyond “ticking the box” of HIPAA compliance. In this article, we explain how a fully trained and compliant workforce can deliver multiple benefits for organizations subject to HIPAA and provide 5 reasons why HIPAA training is important. HIPAA training is a requirement of the Privacy and Security Rules. According to the…

PHI of Almost 34,000 Patients Potentially Compromised in Michigan Medicine Phishing Attack

University of Michigan Health (Michigan Medicine) has recently announced that the protected health information of approximately 33,850 patients has potentially been compromised in a phishing attack. Suspicious activity was detected within its email environment and steps were immediately taken to secure the accounts to prevent further unauthorized access. Michigan Medicine said it was targeted in…

Only One in Five Organizations Follow the 3-2-1 Rule for Data Backups

The healthcare industry is an attractive target for cybercriminals and data thieves. Healthcare organizations store vast amounts of sensitive data that can be easily monetized. Large health systems are often targeted due to the high ransoms that can be demanded, as the recent attack on CommonSpirit Health demonstrated; however, attacks are conducted on healthcare organizations…

CHIME Urges FTC to Stringently Enforce Health Breach Notification Rule

The College of Healthcare Information Management Executives (CHIME) has recently provided feedback to the Federal Trade Commission (FTC) on its Advance Notice of Proposed Rulemaking (ANPR) on the Trade Regulation Rule on Commercial Surveillance and Data Security and has urged the FTC to hold health apps and data brokers accountable for illegal disclosures of health…

RIPTA, UnitedHealthcare of New England Sued Over 2021 Data Breach

The American Civil Liberties Union of Rhode Island (ACLU of RI) is taking legal action against the Rhode Island Public Transit Authority (RIPTA) and UnitedHealthcare New England (UHC) over an August 2021 data breach that affected more than 22,000 individuals. According to RIPTA, a cyberattack on its systems was detected and blocked on August 5,…