A group of vulnerabilities dubbed Access:7 have been identified in the web-based technologies PTC Axeda and Axeda Desktop Server which are used to allow one or more people to securely view and operate the same remote desktop via the Internet. If exploited, an attacker could gain full system access, remotely execute code, trigger a denial-of-service… Read More »

Email account breaches have been reported by Montrose Regional Health, EPIC Pharmacy Network, and Acacia Network, and North Shore University Hospital has reported an incident involving a former employee accessing protected health information without authorization. Montrose Regional Health The Colorado-based health system Montrose Regional Health has recently started notifying 52,632 patients that some of their… Read More »

Many sources explaining why HIPAA compliance is important for healthcare professionals tend to focus on the purpose of HIPAA regulations rather than the benefits of compliance for healthcare professionals. The same sources also tend to focus on how noncompliance affects patients and employers, rather than the impact it can have on healthcare professionals´ lives. This… Read More »

The HHS’ Health Sector Cybersecurity Coordination Center has released a new report – Health Sector Cybersecurity: 2021 – Retrospective and 2022 Look Ahead – that provides a retrospective look at healthcare cybersecurity over the past 3 decades, detailing some of the major cyberattacks to hit the healthcare industry starting with the first-ever ransomware attack in 1989.… Read More »

Halifax County Public Health System (HCPHS) has been confirmed as having implemented an effective HIPAA compliance program by Compliancy Group. HCPHS is part of the North Carolina Public Health statewide system and promotes and contributes to the highest possible level of health for the residents of Halifax County through programs related to child health, communicable… Read More »

The Healthcare and Public Health Sector Coordinating Council (HSCC) has published a new Model Contract Language template for healthcare delivery organizations (HDOs) to use when procuring new devices from medical device manufacturers (MDMs) to ensure each party is aware of its responsibilities for cybersecurity and device management. “Medical device cybersecurity responsibility and accountability between MDMs… Read More »

The development, implementation, and enforcement of HIPAA policies and procedures is the cornerstone of HIPAA compliance. Without policies and procedures to provide guidelines, members of Covered Entities´ and Business Associates´ workforces will be unaware of how they should carry out their functions in compliance with HIPAA, how they should react when specific events occur, and… Read More »

There have been calls for healthcare organizations to take steps to improve security due to a major rise in hacking incidents, ransomware attacks, and vulnerability disclosures in 2021. Record numbers of healthcare data breaches were reported last year, and tens of millions of healthcare records were compromised. Adhering to the minimum requirements of the HIPAA… Read More »

A round-up of data breaches that have recently been reported by healthcare organizations that have involved the exposure or theft of individuals’ personal and protected health information. Catholic Health Services Reports Breach of Employee Email Accounts Miami Lakes, FL-based Catholic Health Services has discovered the email accounts of three Catholic Hospice employees have been accessed… Read More »

This week, researchers at Palo Alto’s Unit 42 team published a report that shows security gaps and vulnerabilities often exist in smart infusion pumps. These bedside devices automate the delivery of medications and fluids to patients and are connected to networks to allow them to be remotely managed by hospitals. The researchers used crowdsourced scans… Read More »