Let’s Talk Interactive Achieves HIPAA Compliance with Compliancy Group

The customizable telehealth solution provider, Let’s Talk Interactive, Inc., has recently demonstrated compliance with the federally mandated standards of the Health Insurance Portability and Accountability Act (HIPAA) and has been confirmed as having implemented an effective HIPAA compliance program. Vendors who service health care clients who come into contact with PHI in any way must…

CISA Issues Guidance on Sharing Cyber Event Information

The Cybersecurity and Infrastructure Security Agency (CISA) has recently published a fact sheet on cyber threat information sharing to guide organizations reporting cyber incidents, which will help the agency mitigate current and emerging cybersecurity threats to U.S. critical infrastructure. Following the passing of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA), a…

Warning Issued About Phishing Campaigns Involving Legitimate Email Marketing Platforms

A recent data breach at the email marketing platform vendor Mailchimp has prompted a warning from the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) about the risk of phishing attacks using the platform. The breach came to light when the cryptocurrency hardware wallet provider, Trezor, investigated a phishing campaign targeting…

Increase in Class Action Lawsuits Following Healthcare Data Incidents

The law firm BakerHostetler has published its 8th Annual Data Security Incident Response (DSIR) Report, which provides insights based on 1,270 data security incidents managed by the firm in 2021. 23% of those incidents involved data security incidents at healthcare organizations, which was the most targeted sector. Ransomware Attacks Increased in 2021 Ransomware attacks have…

FDA Releases Updated Guidance on Medical Device Cybersecurity

The U.S. Food and Drug Administration (FDA) has issued new draft guidance for medical device manufacturers to help them incorporate cybersecurity protections into their products at the premarket stage, and to ensure security risks are managed for the full life cycle of the products. The FDA first released final guidance on premarket expectations for medical…

Cyberattack on SuperCare Health Affects 318,000 Patients

SuperCare Health, a Downey, CA-based post-acute, in-home respiratory care provider serving the Western United States, has recently started notifying 318,379 patients that some of their protected health information has been exposed and potentially accessed by unauthorized individuals in a cyberattack that occurred in July 2021. In its March 25, 2022, breach notification letters, SuperCare Health explained that…

NCCoE Releases Final Guidance on Effective Enterprise Patch Management

The National Cybersecurity Center of Excellence (NCCoE) has released the final versions of two Special Publications that provide guidance on enterprise patch management practices to prevent the exploitation of vulnerabilities in IT systems. Cybercriminals and nation-state threat actors target unpatched vulnerabilities in software, operating systems, and firmware to gain access to business networks to steal…