BLOG

Take a deep breath, this is not your typical COVID-19 blog entry. We are going to talk about everything else we need to manage in Information Security during the crisis to keep the wheels on the bus as we make sharp turns at high speeds in response to the pandemic. Read More

A wave of new state privacy regulations has healthcare entities scrambling to stand up programs to address patient information protections. On the heels of ground-breaking Global Data Protection Regulation (GDPR) mandates out the EU, U.S. regulators in over 20 states are starting to incorporate privacy controls including new and proposed legislation. One of the most prominent and comprehensive new privacy laws is the California Consumer Privacy Act (CCPA). This blog post provides a quick summary of the CCPA law and implications for healthcare entities. Read More

On March 5th, HIMSS announced the cancellation of their flagship national healthcare conference just days before the event was set to take place in Orlando, Florida. Just a few days earlier, the state of Florida had declared a state of emergency surrounding the global outbreak of the COVID-19 Coronavirus which has prompted cascading economic and business operational impacts for healthcare entities. Read More

Healthcare has become a prime target for malicious actors bent on profiting from the resale and reuse of patient information. Healthcare entities are scrambling to sure up security controls for their own organizations and third-party business partners as the sprawl of patient information continues to drive widespread data breach events. Read More

Healthcare has become a prime target for malicious actors bent on profiting from the resale and reuse of patient information. Healthcare entities are scrambling to sure up security controls for their own organizations and third-party business partners as the sprawl of patient information continues to drive widespread data breach events. Read More

The vision for 2020 healthcare security and privacy is clouded with emerging security threats, compliance and enforcement activity, and rapidly evolving business models and regulatory landscapes. However, we can also see many opportunities on the horizon this year and beyond to improve the industry’s privacy and security protections of healthcare organizations and patient information. Read More

A recent publication from KrebsOnSecurity highlights an alarming shift in cybercriminals approach to getting paid for successful ransomware infections. Operators of the new strain of Maze ransomware are starting to release sensitive information of ransomware victims that fail to pay up. Healthcare entities subject to strict HIPAA breach notification requirements may end up with a double-whammy of inaccessible Electronic Health Records and regulatory compliance action. Read More

A new structure for HIPAA violation Civil Monetary Penalties (CMP) was announced by the OCR on April 26, 2019. This change greatly reduces the financial risk of HIPAA breach violations for covered entities that can demonstrate updated security risk management plans, policies and procedures for sensitive patient data. Read More