Cybersecurity

The digital security of healthcare institutions and data is a growing concern, with an increasing number of cyberattacks each year against healthcare systems, which are seen as easy targets. Cyber attacks often use ransomware to target personal health information, patient data and medical devices to cut off access to the data until a ransom is payed to the hacker. Cybercriminals have become more sophisticated, using malware, ransomware and spyware to attack outdated and vulnerable systems and software. Due to the interconnected nature of hospital IT systems today, the weakest link can be older web-enabled medical devices, including clinical and non-clinical systems. Employees are also a major target of attacks via malicious e-mails that prompt them to open attachments that then download malware onto the hospital's IT system.

ONC privacy officer talks culture, human error, ROI

BOSTON—HITECH ensures that providers have the technology to comply with HIPAA, and HIPAA offers an incentive for providers to include in other parts of their business outside of the EHR system, said Joy Pritts, JD, chief privacy officer at the Office of the National Coordinator for Health IT, during the second annual HIMSS Privacy & Security Forum.

Partners CISO: 'Don't let HIPAA drive efforts'

BOSTON—The healthcare industry needs to stop letting HIPAA drive privacy and security efforts and focus on the patient instead, said Jennings Aske, JD, chief information security and privacy officer at Partners HealthCare in Boston, who spoke during the second annual HIMSS Privacy & Security Forum.

Most cyberattacks are easy to execute

BOSTON--The vast majority (78 percent) of cyberattacks across all industries require low or very low difficulty to execute. “I could teach this room in one day how to do a low difficulty attack,” said Chris Wysopal, chief technology officer of Vericode, speaking at the second annual HIMSS Privacy & Security Forum.

Rodriguez outlines OCR's enforcement priorities

BOSTON--Speaking at the second annual HIMSS Privacy & Security Forum on Sept. 23, Office for Civil Rights Director Leon Rodriguez acknowledged the significance of the date. “Critical elements of the Omnibus Rule go into effect. Despite the changes, I would like to point out that the sun has risen in the same way today.”

OCR delays some HIPAA requirements

The Office for Civil Rights of the Department of Health and Human Services is delaying its enforcement of the requirement that certain HIPAA–covered laboratories revise their Notices of Privacy Practices to comply with the modifications made to the HIPAA rules published in the Federal Register on Jan. 25, also known as the Omnibus Rule.

Model privacy practice notices available

Model Notices of Privacy Practices are available for healthcare providers and health plans to use to communicate with their patients and plan members.

Survey: Medical identify theft on the rise

Consumers are increasingly at risk of medical identity theft and could face serious medical and financial consequences, according to a recent Ponemon Institute survey.

Email mistake impacts 670 Kaiser patients

Kaiser Permanente is notifying 670 northern California patients of a HIPAA privacy breach after an emailed attachment containing the protected health information of patients was sent to a recipient outside the Kaiser network. 

Around the web

The tirzepatide shortage that first began in 2022 has been resolved. Drug companies distributing compounded versions of the popular drug now have two to three more months to distribute their remaining supply.

The 24 members of the House Task Force on AI—12 reps from each party—have posted a 253-page report detailing their bipartisan vision for encouraging innovation while minimizing risks. 

Merck sent Hansoh Pharma, a Chinese biopharmaceutical company, an upfront payment of $112 million to license a new investigational GLP-1 receptor agonist. There could be many more payments to come if certain milestones are met.