HIPAA Genetic Information

Before passage of the 2013 HIPAA Omnibus Rule, genetic information was not specifically included in the HIPAA regulations’ definition of protected health information (PHI). With passage of the Omnibus Rule, genetic information is now specifically included in the definition of PHI. As such, covered entities must implement safeguards under the HIPAA Privacy Rule to prevent unauthorized use or disclosure of HIPAA genetic information. What is [...]

2023-08-07T11:36:54-04:00 | December 16th, 2019

What is the Ryuk Ransomware Decryptor Bug?

In 2019 alone, at least 3 managed service providers (MSPs) have been attacked by Ryuk ransomware. A Russian-based eCrime group that calls itself “WIZARD SPIDER” has been operating the Ryuk ransomware since August 2018. This group has directed its attacks toward large, enterprise organizations in the hopes of receiving a large ransom sum. Victims of Ryuk ransomware have been using a decryptor to recover their [...]

2023-08-07T11:47:35-04:00 | December 12th, 2019

HIPAA Business Email Compromise

A cyberthreat known as business email compromise has caused businesses, religious institutions, educational institutions, non-profits, and other companies to lose billions of dollars since the FBI first began tracking the threat in 2013. Business email compromise (BEC) - also known as CEO impersonation - is a favorite crime of Internet con artists because the practice relies on what any con operation requires for success: deception. These criminals target [...]

2023-08-07T11:49:03-04:00 | December 10th, 2019

HIPAA Compliant Apps with Microphone Access?

Managing HIPAA compliance can be a daunting task. The Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations, and the vendors that service them, to have safeguards in place to secure protected health information (PHI). However, there are often aspects of HIPAA compliance that are overlooked. With technological advancements, HIPAA law becomes even more confusing. Apps are increasingly used on professional and personal devices, [...]

2023-08-07T11:50:14-04:00 | December 9th, 2019

HIPAA Compliance for Self-Insured Health Plans

HIPAA compliance for self-insured health plans is not black and white. The nature and extent of a self-insured health plan’s compliance is determined by several factors, including the nature of the business of the employer sponsoring the plans, business size, and business organizational structure, among other factors. What Are Self-Insured Health Plans? Self-insured health plans (also known as self-insured group health plans, or self-funded plans) [...]

2023-08-07T11:58:00-04:00 | November 26th, 2019

Congress Introduces the Smartwatch Data Act

Congress recently introduced the Stop Marketing and Revealing the Wearables and Trackers Consumer Health Data Act, nicknamed the Smartwatch Data Act. The legislation, introduced by Democratic Senator Jacky Rosen and Republican Senator Bill Cassidy, aims to ensure that health data collected through fitness trackers, smartwatches, and health apps cannot be sold without consumer consent. What is the Smartwatch Data Act? The Smartwatch Data Act is [...]

2023-08-07T11:58:38-04:00 | November 25th, 2019

HIPAA Compliant Laptops

HIPAA regulations require healthcare organizations and individual care providers to take measures to keep patient data secure. Failure to do so can result in fines if an organization suffers a breach of unsecured PHI. The HIPAA Security Rule requires that mobile devices be rendered secure. Security Rule requirements needed for HIPAA compliant computers are discussed below. What is a Security Risk Assessment? The [...]

2023-08-07T14:02:48-04:00 | November 13th, 2019

Is OneDrive HIPAA Compliant?

The convenience of using cloud storage has caused many businesses to use the technology. In the healthcare industry, the ability to quickly access patients’ protected health information (PHI) from various systems is important. However, when choosing a cloud provider, organizations working in healthcare must ensure that the service is HIPAA compliant. Is OneDrive HIPAA compliant? HIPAA Business Associates Agreements The Health Insurance [...]

2023-08-07T14:16:25-04:00 | November 1st, 2019

5,800 Affected by Business Associate Email Breach

An email breach at Magellan National Imaging Associates claims another covered entity victim, Geisinger Health Plan. Magellan, hired by the health plan to manage their radiology benefits, discovered on July 5 that an employee’s email account was compromised. The account in question had been sending out spam emails originating from outside of the U.S. since May. Although Geisinger is unable to determine whether or not [...]

2023-08-07T14:19:23-04:00 | October 29th, 2019

How MSPs Can Break Into the Healthcare Vertical

The healthcare industry is the fastest growing industry in the U.S. economy and it is also the most vulnerable. Ransomware attacks are targeting healthcare organizations with increasing frequency; this is in part a result of the lack of knowledge surrounding cybersecurity best practices across the healthcare sector. A recent study determined that 24% of healthcare workers cannot identify malware on their computers and 18% cannot [...]

2023-08-07T14:59:43-04:00 | October 4th, 2019