It is not always the feared and dreaded “hackers” that cause the exposure and breach of confidentiality of sensitive personal information. Sometimes it’s just simple mistakes, but the consequences can be much the same. Consider this situation: NTreatment inadvertently exposed thousands of medical records online by neglecting to add password protection to one of its…
Tag: HIPAA
Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop? (publication)
Many thanks to HealthcareITNews for publishing my recent article, “Why did Lifespan Health face such a stiff HIPAA penalty for a stolen laptop?”
Key Lesson All Business Leaders Can Learn From the Anthem Data Breach Case
The 2015 Anthem data breach affected 79 million people and was the largest health-care data breach in U.S. history. The affected consumers sued Anthem in a case that settled for a record $115 million. Now the U.S. Dept. of Health and Human Services’ Office of Civil Rights has reached a settlement with Anthem for a record…
FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA…
Allscripts EHR Ransomware Attack is Huge–How Will it Impact Healthcare Practices?
See recommendations below. On January 19, 2018, cybercriminals were successful in a ransomware attack on Allscripts, an electronic healthcare record (EHR) provider for healthcare providers across the United States. The attack encrypted some of Allscripts’ systems and prevented those healthcare providers who use those systems for their EHRs from being able to access their patient records. Not…
OCR Issues Cyberattack Response Checklist and Infographic
The United States Department of Health and Human Services’ Office for Civil Rights has just issued a checklist and infographic to aid healthcare organizations and their vendors in quickly responding to cyberattacks in compliance with HIPAA requirements.
Are Smaller Healthcare Practices Required to Report a #Ransomware or Potential Data Breach?
Does the HIPAA Breach Notification Rule apply to all Covered Entities and Business Associates, Even Smaller Ones? To many of you reading this post, this question seems ridiculous. You know the answer. However, I get asked this question so frequently that I decided to answer it with a blog post to save time next time…
Why is Healthcare Data So Valuable to Cyber Criminals?
Healthcare data is one of the most desirable forms of data for cyber criminals to steal because its value on the cyber black market — the Dark Web — is much higher than most other forms of data. While there are several reasons for this, the recent study Your Life, Repackaged and Resold: The Deep…
Does Data Security Have Your Healthcare Practice “On the Hook”?
I recently had the pleasure of presenting in a webinar series titled Is Your Practice “On the Hook?” to members of the Texas Dental Association and the Oklahoma Dental Association. Key points of the presentation, which focused on cyber security and data breaches in the healthcare industry, explained why protected health information (PHI) and electronic healthcare…
Why do cyber criminals want your healthcare data?
During a recent presentation, a member of the audience asked me why cyber criminals would want to steal a person’s healthcare data. It is easy to understand why they would want to steal payment card data — but healthcare data — not so obvious. Here is a great answer: A crook would love [healthcare data] because, “in the world…