The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled two ransomware cases with covered entities. These cases signal the government's growing concern with health care...more
10/11/2024
/ Corrective Action Plans (CAPs) ,
Department of Health and Human Services (HHS) ,
Electronic Protected Health Information (ePHI) ,
Enforcement Actions ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Violations ,
OCR ,
Popular ,
Ransomware ,
Risk Assessment ,
Settlement
In the aftermath of a vendor's hack that crippled an industry, ensure your business is up to date on best practices for mitigating the risks of third-party cyber incidents. Many businesses struggle to adequately consider the...more
On May 31, 2023, renowned managed file transfer solution provider Ipswitch, Inc. revealed a zero-day vulnerability in its flagship solution, MOVEit Transfer, that can enable mass data theft from thousands of organizations....more
Health care providers of all sizes should be reviewing their Distributed Denial of Service (DDoS) mitigations and response plans immediately. On February 2, a pro-Russia hacktivist group, dubbed "Killnet," called upon all of...more
Statistics show that cybercrime increases significantly during the holiday season. Threat actors anticipate that workers are distracted and more likely to fall victim to a phishing email scam than any other time of the year....more
The deadline for submitting an annual notice of a Health Insurance Portability and Accountability Act (HIPAA) Breach to the Secretary of the Department of Health and Human Services (the Secretary) is quickly approaching. ...more
On January 23, 2020, the United States District Court for the District of Columbia declared sections of the 2013 Omnibus Rule unlawful. The Court found that the Department of Health and Human Services (HHS) impermissibly...more
2/5/2020
/ Administrative Procedure Act ,
Covered Entities ,
Department of Health and Human Services (HHS) ,
EHR ,
Electronic Protected Health Information (ePHI) ,
Health Care Providers ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Access Request ,
HIPAA Omnibus Rule ,
HITECH Act ,
Lack of Authority ,
Notice and Comment ,
PHI ,
Popular ,
Third-Party Rights ,
Unlawful Policies ,
Vendors
The Stop Hacks and Improve Electronic Data Security (SHIELD) Act, signed by Governor Cuomo on July 25, 2019, amends New York's data breach notification law for computerized data. The Act's new requirements take effect March...more
Organizations that meet the definition of "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations (HIPAA) must be diligent to maintain the privacy and security...more
4/23/2019
/ Business Associates ,
Covered Entities ,
Cyber Insurance ,
Data Breach ,
Data Privacy ,
Data Security ,
Data Use Policies ,
Electronic Protected Health Information (ePHI) ,
Employee Training ,
Encryption ,
Health Insurance Portability and Accountability Act (HIPAA) ,
HIPAA Privacy Rule ,
Long Term Care Facilities ,
Long-Term Care ,
OCR ,
Passwords ,
Patient Privacy Rights ,
Patients ,
Phishing Scams ,
Popular ,
Portable Devices ,
Risk Assessment
Insurers and organizations regulated by state insurance departments need to be prepared to meet the requirements of the model data security law, which may be finalized this year. In late 2014, the National Association of...more