New HIPAA Guidance on Ransomware Attacks and ePHI Security

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) has released new HIPAA guidance about how HIPAA-beholden entities can better equip themselves to deal with ransomware attacks. Ransomware is a targeted kind of malware attack that takes data 'hostage.' The attackers responsible then give the organization a countdown to a time at which they expect to receive a 'ransom' in exchange for restored access [...]

2023-08-08T10:36:49-04:00July 22nd, 2016|

Congress to Establish Chief Information Security Officer Within HHS

A bill to establish an Office of the Chief Information Security Officer (CISO) at the Department of Health and Human Services (HHS) was introduced in the House of Representatives. The office would issue guidance to better protect sensitive personal information and data from potential exposure to cyberattacks. Reps. Billy Long (R-Mo.) and Doris Matsui (D-Calif.) sponsored the HHS Data Protection Act of 2016, which seeks [...]

2023-08-08T10:49:53-04:00May 10th, 2016|

Research Institute Fined $3.9 Million for HIPAA Violations After Laptop Theft

A New York biomedical research institute will pay $3.9 million to settle potential HIPAA violations, making this one of the largest fines ever levied in the wake of a HIPAA security breach. The fine comes after allegations that the Feinstein Institute for Medical Research, a large health system headquartered in Manhasset, NY, allowed a laptop containing protected health information (PHI) to be stolen from the [...]

2023-08-07T15:58:36-04:00March 22nd, 2016|