Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

Employee snooping cause of breach at Va. health system

Hundreds of patients at Riverside Health System in Newport News, Va., will receive free credit monitoring services after a random audit determined that an employee had inappropriately accessed EMR data.

Practice hit by $150K fine for lacking thorough security policies

A Massachusetts dermatology practice has agreed to a $150,000 settlement for privacy and security violations. Adult & Pediatric Dermatology, which offers services in Massachsuetts and New Hampshire, also is required to put a corrective action plan in place to fix deficiencies in its HIPAA compliance program, according to the settlement with the Department of Health and Human Services.

Health information collected, sold by ‘data broker' industry

A multi-billion dollar industry “that largely operates hidden from consumer view” is systematically collecting, using and selling consumer data for marketing purposes, according to a 42-page report from the Senate Committee on Commerce, Science and Transportation.

Thumbnail

Go Direct for Improved & Secure Interoperability Between EHRs

President & CEO of DirectTrust, David C. Kibbe, MD, MBA, shares how Direct messaging is driving interoperability and privacy of protected health information.

Integrating privacy, security for better compliance

Moving the privacy and security of healthcare function from the IT department to the compliance team may be a good move for healthcare organizations, according to Phil Curran, chief information security and privacy officer for Cooper University Health Care in Camden, N.J. Curran spoke during a Dec. 17 webinar on integrating privacy and security presented by the Institute for Health Technology Transformation.

AHA comments on NIST proposed cybersecurity framework

In response to the National Institute of Standards and Technology's call for comments regarding a cybersecurity framework, the American Hospital Association is urging the agency to ensure that the framework remains flexible and voluntary within the healthcare industry's private sector.

Thumbnail

OIG: OCR failed to meet federal requirements in HIPAA oversight

The Office of Civil Rights failed to meet several federal requirements necessary to the oversight and enforcement of the Health Insurance Portability and Accountability Act security rule, according to a recent report from the Department of Health and Human Services Office of Inspector General.

Calif. system's patient data was available on Google

A California hospital system left the data of 32,755 of its patients exposed online.

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.