An unsecured database belonging to the American medical AI platform provider Deep6.ai has been identified by security researcher Jeremiah Fowler and Website Planet. The database contained more than 800 million records of patients and physicians and could be accessed over the Internet by anyone without requiring a password. Deep6.ai has developed AI-based software that can… Read More »
A new study has revealed widespread security failures at healthcare organizations, including poor access controls, few restrictions on access to protected health information (PHI), and poor password practices, all of which are putting sensitive data at risk. The study, conducted by the data security and insider threat detection platform provider Varonis, involved an analysis of… Read More »
In July 2021, the notorious REvil (Sodinokibi) ransomware gang appeared to have ceased operations, with both its Tor payment site and data leak blog suddenly going offline. The DarkSide ransomware operation also went quiet, leading many security experts to believe that the operators of the ransomware-as-a-service (RaaS) operations were laying low or that there had… Read More »
Syracuse ASC, dba Specialty Surgery Center of Central New York, has started notifying 24,891 patients that some of their protected health information (PHI) was potentially accessed by unauthorized individuals who gained access to its computer systems. The breach was identified by Syracuse ASC around March 31, 2021, and steps were immediately taken to secure its… Read More »
The theme of the fourth week of Cybersecurity Awareness Month is “Cybersecurity First”, with the focus on getting the message across to businesses about the need for cybersecurity measures to address vulnerabilities in products, processes, and people. Cybersecurity Advice for Companies One study suggests 64% of companies worldwide have experienced some form of cyberattack and… Read More »
A recent study conducted by the Ponemon Institute on behalf of cybersecurity firm SecureLink has explored the state of third-party security and critical access management at healthcare organizations. As with other industry sectors, remote access to internal systems is provided to third parties to allow them to perform essential business functions. Whenever a third party… Read More »
Secure, HIPAA-compliant messaging platforms have clear, measurable benefits for healthcare delivery organizations and help to solve communication problems in hospitals. Efficient communication in healthcare is vital but all too often valuable time is wasted trying to communicate important information to busy healthcare professionals due to the continued use of outdated communication methods such as landlines,… Read More »
When a federal agency provides healthcare services, there may be circumstances in which employees need to undergo both HIPAA and Privacy Act training. In addition, as an increasing number of states enact their own privacy laws, there may also be occasions when employees of state agencies require HIPAA and Privacy Act training. The Privacy Act… Read More »
The regulations relating to HIPAA training for employees are deliberately flexible because of the different functions Covered Entities perform, the different roles of employees, and the different level of access each employee has to Protected Health Information (PHI). The degree of flexibility can create misunderstandings about which employees require training, what training should be provided,… Read More »
A recent survey conducted on Chief Information Security Officer (CISO) members of the College of Healthcare Information Management Executives (CHIME) and Association for Executives in Healthcare Information Security (AEHIS) has highlighted the impact cybersecurity incidents have had on the healthcare industry and the need for federal assistance to deal with the threats. The healthcare industry… Read More »