HIPAA Network Security

For a HIPAA covered entity (i.e., a health provider), there is often a direct relationship between the health of the network and the health of the entity’s wallet, so to speak. A healthier network with strong security measures is one less likely to be the subject of a complaint made to (and resultant fine assessed by) the Department of Health and Human Services’ (HHS) Office for Civil Rights. The [...]

January 23rd, 2020

Hospital Data Breaches and Patient Deaths

Researchers for the journal Health Services Research recently conducted a study to determine whether there is a relationship between hospital data breaches and patient deaths. Of particular interest was whether or not remediation efforts for hospital data breaches diminished the quality of hospital care. Remediation Efforts for Hospital Data Breaches: Related to Quality of Patient Care? A hospital data breach is the unauthorized acquisition, access, use, or disclosure, in [...]

December 19th, 2019

What is the Ryuk Ransomware Decryptor Bug?

In 2019 alone, at least 3 managed service providers (MSPs) have been attacked by Ryuk ransomware. A Russian-based eCrime group that calls itself “WIZARD SPIDER” has been operating the Ryuk ransomware since August 2018. This group has directed its attacks toward large, enterprise organizations in the hopes of receiving a large ransom sum. Victims of Ryuk ransomware have been using a decryptor to recover their data. However, a bug [...]

December 12th, 2019

HIPAA Business Email Compromise

A cyberthreat known as business email compromise has caused businesses, religious institutions, educational institutions, non-profits, and other companies to lose billions of dollars since the FBI first began tracking the threat in 2013. Business email compromise (BEC) - also known as CEO impersonation - is a favorite crime of Internet con artists because the practice relies on what any con operation requires for success: deception. These criminals target a [...]

December 10th, 2019

Congress Introduces the Smartwatch Data Act

Congress recently introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, nicknamed the Smartwatch Data Act. The legislation, introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, aims to ensure that health data collected through fitness trackers, smartwatches, and health apps cannot be sold without consumer consent. What is the Smartwatch Data Act? The Smartwatch Data Act is aimed to fill in [...]

November 25th, 2019

HIPAA Compliant Laptops

HIPAA regulations require healthcare organizations and individual care providers to take measures to keep patient data secure. Failure to do so can result in fines if an organization suffers a breach of unsecured PHI. The HIPAA Security Rule requires that mobile devices be rendered secure. Security Rule requirements needed for HIPAA compliant laptops are discussed below. What is a Security Risk Assessment? The HIPAA Security Rule requires that covered [...]

November 13th, 2019

What are HIPAA Operating System Requirements? 

The HIPAA Security Rule requires covered entities and business associates to develop effective administrative, technical, and physical safeguards to ensure protected health information (PHI) is secure. The Security Rule does not impose minimum HIPAA operating system requirements for a business’ computer systems. Indeed, the HIPAA Security Rule generally does not impose any specific HIPAA software requirements (including HIPAA operating system requirements) on entities. No provision of the Security Rule [...]

November 11th, 2019

HIPAA Antivirus Software

The HIPAA Security Rule contains administrative safeguards in the form of security standards. One of these standards requires covered entities and business associates to implement a security awareness and training program for all workforce members. Implementation consists of (among other activities) developing procedures for guarding against, detecting, and reporting malicious software. The government has not “certified” any particular antivirus software program as the “HIPAA Antivirus Software” an organization must [...]

November 5th, 2019

HIPAA Compliance for Non-Covered Entities

The HIPAA law subjects covered entities - defined as health plans, health providers, and healthcare clearinghouses - to its regulatory scheme. By definition, non-covered entities are not subject to HIPAA regulations. Apps and consumer devices that collect protected health information (PHI), and the vendors that manufacture them, do not meet the definition of a “covered entity.” However, a number of organizations have called for HIPAA compliance for non-covered entities, [...]

November 4th, 2019

19,500 UAB Medicine Patients Affected by Healthcare Phishing Attack

The University of Alabama (UAB) Medicine is the latest victim of a healthcare phishing attack, affecting 19,500 patients. A phishing attack occurs when a hacker disguises themselves as a trusted entity, prompting email recipients to click on a malicious link, allowing unauthorized access to their system. Healthcare phishing attacks have become more prevalent as protected health information (PHI) is more valuable on the dark web than financial information. In the [...]

November 1st, 2019