Guided by a "human-centered" principle, there is nothing more critical to Tri-Counties Regional Center (TCRC), than protecting and promoting the lives of those with developmental disabilities. That is why TCRC proactively secures Personal Health Information (PHI) to protect the people behind that information. Critical...
Federal regulators have hit a California-based healthcare provider with a $3 million HIPAA settlement related to two breaches involving misconfigured IT. It's the latest in a recent series of hefty penalties issued in HIPAA cases.
The digital revolution has given healthcare organizations new tools to increase team efficiency and improve their customer experience. But it's also opened up new vectors that cybercriminals can use to attack. As your attack surface expands to infrastructure that you don't own or control, becomes increasingly...
Alaska state authorities are notifying up to 700,000 individuals of a health department data breach that originally was reported to federal regulators last June as affecting only 501 people. Why is it so difficult to determine the scope of some breaches?
How do data privacy and security matters affect organizations that are contemplating a merger or acquisition? Attorney Iliana Peters offers insights into cybersecurity, data breach and compliance issues that can potentially doom a deal.
An EU General Data Protection Regulation enforcement action against a hospital in Portugal demonstrates complying with GDPR may be even tougher than complying with HIPAA. Regulatory experts analyze the implications of the case.
In at least the fourth federal HIPAA case involving improper disclosure of patient information to the media, federal regulators have slapped a three-doctor practice in Connecticut with a financial penalty.
An inside view of what HHS OCR is seeing on the healthcare sector privacy and security landscape, and what the agency has in the works to address those challenges. That includes:
Insights from OCR's latest breach and compliance investigations of covered entities and BAs.
An update on OCR's HIPAA enforcement...
Organizations that don't properly guard their employees' healthcare data and violate HIPAA privacy standards are liable for large fines and often suffer significant brand damage and other negative consequences.
If hackers break into a healthcare company's systems, or an employee leaves a laptop in a coffee shop or...
This week's edition of the ISMG Security Report features an analysis of whether the U.K.'s fine of Facebook for the Cambridge Analytica scandal is just the beginning of regulatory enforcement action. Plus: A potential settlement of Yahoo breach lawsuit and tips on securing data in the cloud.
Health insurer Anthem had earned HITRUST Common Security Framework certification before its mega-breach. Now that the insurer has agreed to a $16 million HIPAA settlement with federal regulators, who spelled out the company's security shortcomings, it's worth scrutinizing the value of adopting a framework.
Federal regulators have smacked health insurer Anthem with a record $16 million HIPAA settlement in the wake of a cyberattack revealed in 2015, which impacted nearly 79 million individuals. What missteps does the settlement highlight?
Health insurer Aetna is still paying the price for two 2017 privacy breaches involving mailings that potentially exposed HIV and cardiac condition information about thousands of individuals. Here's the latest update.