Federal regulators have released a draft of a trusted health information exchange framework with some detailed security components that go beyond HIPAA requirements. The goal is to advance secure national health data exchange so that clinicians have quicker access to potentially life-saving information.
So what actions can we expect in 2018 from the Department of Health and Human Services' Office for Civil Rights as it enforces the HIPAA privacy, security and breach notification rules? Making a prediction is difficult, given all the changes at HHS.
Compared to the mega-breaches that hit the healthcare sector in 2015 and 2016, the top 10 breaches reported for 2017 were far smaller. Security experts analyze whether that's really a sign of progress.
In an unusual move, federal regulators have made arrangements to have a cyber insurer cover a $2.3 million HIPAA penalty on behalf of a bankrupt cancer care clinic chain, 21st Century Oncology, which also signed false claims settlements totaling $26 million.
The healthcare industry (hospitals in particular) is one of the top industries targeted for cybercrime. Given the high value of a stolen healthcare record, motivated adversaries will continue to go where the money is.
Download this guide and learn:
The three most common DLP use cases in healthcare systems;
Hospitals and healthcare organizations must ensure that both their mundane and highly sensitive information is protected and compliant, which is where content-aware data loss prevention comes in.
To ensure your data is not breached, download this whitepaper and learn:
How to identify project priorities and...
When a healthcare system wanted to ensure HIPAA/EDI compliance, they undertook a risk assessment to better understand their security posture. They uncovered sensitive data being sent out over the internet instead of through a secure channel which had been set up.
Download this case study and learn how SCHS was able...
With the rise in ransomware attacks targeting healthcare organizations, the U.S. Department of Health and Human Services (HHS) has issued a guidance document that explains the basics of ransomware, what organizations should do in the event of a data breach, and how to contain the attack from stealing sensitive patient...
Healthcare is the only industry where employees are the primary reason for a data breach. A variety of motives including monetary gain, negligence or the need to access patient data quickly lead to Patient Health Information (PHI) loss.
Download this whitepaper and learn:
Real-world scenarios that put PHI data at...
Complicating healthcare compliance efforts is the growing trend of migrating patient data to cloud storage and hosted applications such as Health Information Exchange systems. The cloud lowers costs and improves efficiency, but widens the attack surface for data breaches.
To counter this challenge, download this...
Every new cybersecurity regulation includes at least some emphasis on improving vendor risk management. But what happens when vendors balk at the extra degree of scrutiny required? Moffitt Cancer Center's Dave Summitt describes his risk-based approach to business associates.
HealthcareInfoSecurity Executive Editor Marianne Kolbasuk McGee reflects on the just-concluded Healthcare Security Summit in New York in the latest edition of the ISMG Security Report. Also, PCI Security Standards Council CTO Troy Leach addresses ransomware risks.
Clearly, adherence to HIPAA, NIST and other regulators in healthcare is paramount, but that does not mean that your organization isn't vulnerable to cybercrime hacking. When the average breach is worth $3.62 million with $380 per patient record compromised (as per Ponemon's 2017 Cost of a Data Breach Report), the...