May 2022 saw a 25% increase in healthcare data breaches of 500 or more records. 70 data breaches of 500 or more records were reported to the Department of Health and Human Services’ Office for Civil Rights (OCR) in May 2022, which is the highest monthly total this year and well above the 12-month average… Read More »
Hillrom Medical Device Management has announced that two vulnerabilities have been identified in certain Welch Allyn medical devices. If exploited the vulnerabilities could allow an unauthorized attacker to compromise software security by executing commands, gaining privileges, and reading sensitive information while evading detection. The vulnerabilities affect the following Hillrom products: Welch Allyn ELI 380 Resting… Read More »
The HHS’ Health Sector Cybersecurity Coordination Sector (HC3) has published guidance for healthcare organizations to help them improve their cyber posture. Cyber posture is the term given for the overall strength of an organization’s cybersecurity, protocols for predicting and preventing cyber threats, and the ability to continue to operate while responding to cyber threats. To… Read More »
Lake Mary, FL-based Central Florida Inpatient Medicine (CFIM) has recently discovered that the email account of an employee has been accessed by an unauthorized individual, who may have viewed emails and files containing patients’ protected health information. The substitute breach notice states that CFIM learned that the email account contained sensitive patient data on May… Read More »
Healthcare providers, health plans, healthcare clearinghouses, and business associates of those entities that come into contact with protected health information (PHI) are required to ensure policies, processes, and people are compliant with the Rules of the Health Insurance Portability and Accountability Act (HIPAA). Ensuring you have a good security posture is an important part of… Read More »
A new bill has been introduced by Sen. Elizabeth Warren (D-MA) that seeks to ban data brokers from selling the health and location data of Americans. The bill, The Health and Location Data Protection Act, was co-sponsored by Sens. Ron Wyden (D-OR), Chair of the Senate Finance Committee; Patty Murray (D-WA), Chair of the Senate… Read More »
A bipartisan bill – The Strengthening Cybersecurity for Medical Devices Act – has been introduced which calls for the U.S. Food and Drug Administration (FDA) to review and update its guidelines on medical device cybersecurity more frequently to ensure devices are protected from potential hacking and cyberattacks. The bill, introduced by Sen. Jacky Rosen (D-NV)… Read More »
An analysis of hospitals’ websites has revealed one-third of the top 100 hospitals in the United States are sending patient data to Facebook via a tracker called Meta Pixel, without apparently obtaining consent from patients. Meta Pixel is a snippet of JavaScript code that is used to track visitor activity on a website. According to… Read More »
The Department of Health and Human Services (HHS)’ Office of the National Coordinator for Health Information Technology (ONC) and the Office for Civil Rights (OCR) have released a new version of the HHS Security Risk Assessment (SRA) Tool. The HIPAA Security Rule requires HIPAA-regulated entities to conduct a comprehensive, organization-wide risk analysis to identify the… Read More »
Texas Tech University Health Sciences Center has confirmed that the protected health information of 1,290,104 patients was compromised in a data breach at its electronic medical record vendor, Eye Care Leaders. Eye Care Leaders said it detected a breach on Dec. 4, 2021, and disabled the affected systems within 24 hours. Texas Tech University Health… Read More »