NIST Seeks Public Comment on Cybersecurity Resource Guide

In 2008, the National Institute of Standards and Technology (NIST) published guidance on how covered entities and business associates were expected to implement HIPAA Security Rule requirements. At the end of April 2021, NIST announced that it is planning to update this cybersecurity guide. NIST is seeking public comment on what should be included in the new cybersecurity guide. The [...]

May 20th, 2021

7 Tips to Improving Healthcare Security

Ransomware attacks continue to rise, especially those targeting healthcare organizations. Hackers often target healthcare organizations in ransomware attacks to disrupt operations in hopes that the organization will pay a ransom. Healthcare organizations are also targeted in data theft incidents because patient information can be extremely valuable on the black market. This is why it has never been more important to protect your organization by improving your healthcare security. [...]

May 11th, 2021

5 Tips on How to Complete a Risk Assessment

Are you worried about completing your HIPAA risk assessment? Many organizations are. To provide you with guidance, 5 tips on how to complete a risk assessment are discussed: educate yourself on the HIPAA Security Rule; identify risks and vulnerabilities; create and implement remediation plans; use a risk assessment tool; repeat annually. How to Complete a Risk Assessment Completing your [...]

April 15th, 2021

Large Volume of Patient PHI Discovered on GitHub Website

GitHub is an open-source software development hosting website, with millions of developers building and maintaining their software on the platform. In December 2020, GitHub was notified by security researchers Jelle Ursem and Dissent Doe of DataBreaches.net that some of the data of Med-Data, Inc. (MedData) had been uploaded to GitHub. MedData provides revenue cycle management services for hospitals and health systems throughout the United States. Recently, MedData [...]

April 5th, 2021

12 Tips to Improve Healthcare Security

With 1.2 million patients affected by February 2021 healthcare breaches, healthcare security should be top of mind for organizations working with patient information. Healthcare and cybersecurity are therefore both important to maintain. To provide guidance on protecting your organization against breaches, 12 tips to improve your healthcare security are discussed. How to Improve Healthcare Security There are 12 things that you [...]

March 26th, 2021

100K Patients Affected by Arizona Eyecare Breach

A ransomware attack occurring on January 13 affected up to 100,000 eyecare patients. The Arizona eyecare breach targeted Cochise Eye and Laser, maliciously encrypting their patients’ files. More details are discussed. Cochise Eye and Laser Eyecare Breach Cochise Eye and Laser runs three eyecare medical offices in Arizona, treating thousands of patients. On January 13, 2021, Cochise Eye and Laser was targeted by a ransomware attack that compromised [...]

March 8th, 2021

SolarWinds Hack Blamed on Intern Mistakes

As an organization that specializes in cybersecurity, SolarWinds did a particularly poor job of protecting their file server. This is evident from the fact that not only did they give an intern login credentials that allowed access to their servers, but the password they chose to protect the server was something a child could guess, ‘solarwinds123.’ More details on the SolarWinds hack, and how it could have been [...]

March 1st, 2021

Third-Party Causes Kroger Pharmacy Breach

The influx of third-party breaches should be of concern for any organization working in healthcare. Hackers often target third-party providers to access the sensitive data that they manage for their clients. This is evident from the recently announced Kroger pharmacy breach, which stemmed from a vulnerability in their file transfer provider, Accellion. More details about the Kroger pharmacy breach are discussed. What We Know About the Accellion [...]

February 23rd, 2021

Virginia Consumer Data Protection Act Expected to Become Law

The Virginia House of Delegates and Senate have passed legislation known as the Virginia Consumer Data Protection Act (CDPA). The personal data act is expected to reach the desk of Virginia Governor Ralph Northam, who may sign the legislation as early as the end of February 2021. The CDPA is modeled on the California Consumer Privacy Act (CCPA), California’s expansive consumer data privacy protection law, and [...]

February 19th, 2021

EHR Breach Affects 219K Patients

In September, Nebraska Medicine reported that it had suffered a cyberattack targeting its electronic health records (EHR) system. More details on this healthcare cyberattack and EHR data breach are discussed. Nebraska Medicine EHR Breach On September 20, 2020, Nebraska Medicine discovered that its networks and servers had been compromised when patient files could not be accessed. It quickly became evident that [...]

February 17th, 2021