News and Toolkit Updates
From the PrivaPlan Blog
DOJ hits eClinicalWorks hard with $155 million settlement
Last week, eClinicalWorks, a prominent ambulatory EHR vendor (which also just released its inpatient product), will pay $155 million as a result of a lawsuit settlement with the Department of Justice. The allegations include false representation of the product’s capabilities during ONC testing, as well as paying customers to use the software – violations of…
Survey finds 68% of healthcare employees will share sensitive info
Results from a recent survey reveal that 68% of healthcare employees occasionally share confidential or regulated data.
Health data breaches rise significantly in March
The number of health data breaches for March was more than January and February combined.
FBI warns of cyber attacks on FTP servers in healthcare
An FBI alert warns the healthcare sector that cyber criminals have stepped up attacks targeting their FTP servers.
HIPAA settlement proves value of audit controls
Having policies and procedures in place is good, as long as you have audit controls to ensure they’re implemented, unlike this Florida healthcare system.
Hospital’s fate warns of tax season scams
On January 25, it was discovered that the tax information of 1,457 hospital employees had fallen into a scammer’s hands in one of the latest W-2 business email compromise attacks.
Phishing campaign uses PDF attachments
The SANS Internet Storm Center warns about an active phishing campaign that utilizes PDF attachments to harvest email credentials from victims.
Patient behind breach using hospital library laptop
The New Hampshire DHHS says a former patient is behind a breach that began on a laptop in the hospital library, affecting approximately 15,000 patients.
Hack of Quest Diagnostics affects 34k people
Quest Diagnostics Inc. is investigating a hack into an internet application on its network that exposed the PHI of about 34,000 people.
Beware of images posted in Facebook Messenger
Clicking on images in Facebook Messenger could unleash a devastating ransomware attack on your organization.
Be on the alert for App ID Theft
Want to give personal information to a scammer this holiday season? There’s an app for that. Actually, there are hundreds of apps for that and many are masquerading as legitimate retailers.
Latest HIPAA settlement proves why managing security risk is critical
St. Joseph Health will pay $2.14 million for HIPAA violations, serving as an unfortunate example of why managing security risk is critical.
OCR releases guidance on Cloud Computing and HIPAA
The OCR released guidance on October 6 that attempts to clear things up regarding cloud service providers and HIPAA.
Latest HIPAA settlement shows importance of up-to-date BA agreements
On Sept. 23, 2016, the OCR announced its second HIPAA enforcement action against a business associate to the tune of $400,000. The hospital had previously entered into a settlement of $150,000 for its part in the breach.
Join Oct. 12 webcast: BAs, HIPAA Risk Management
More and more, HIPAA breaches are caused by the Business Associates of HIPAA covered entities. Learn how to manage these risks in the Oct. 12 webcast.
OCR is stepping up its investigations of smaller breaches
The OCR has begun an initiative to more widely investigate the root causes of smaller breaches affecting fewer than 500 individuals.
Data breach at Banner Health affects 3.7 million
News of a massive data breach at Banner Health continues to make headlines since first being announced Aug. 3.
OCR Desk Audits are beginning
This week, selected covered entities began receiving notification letters for Phase Two of OCR’s HIPAA audit program, which involves desk audits.
Recent breach shows importance of BA agreements
Carefully managing Business Associates agreements is important. Take a lesson from the breach of 4300 patient files through a vendor of a Boston hospital.
Plaintext data compromises patient info
A hacker claims to have stolen nearly 10 million patient records using readily available plaintext data. How can you protect patient info?
David Ginsberg explains new HIPAA audits in webinar
PrivaPlan President David Ginsberg leads June 28 webinar hosted by CORHIO about new HIPAA audits of covered entities and their business associates.
Can you name 10 technologies with the greatest vulnerabilities?
There are 10 technologies emerging in the next five years with the greatest vulnerabilities in terms of cybersecurity, finance, personal health and safety. Two directly impact the health care industry.
The 5 enemies of healthcare IT security
We know we have an important job to do in healthcare IT, especially in keeping the greedy little hands of cyber attackers out of the personal files of patients and providers. A recently released report from Critical Infrastructure Technology backs this up.
AMA’s top 9 list includes focus on health IT
This month the American Medical Association (AMA) released a list of the nine top issues they believe physicians should watch in the coming year and why, and what the AMA is doing to address the issues. We’re going to look at the two that call out health IT.
How do you handle patients who bring in their medical records on USB drives?
The proliferation of Electronic Health Records, patient health portals and the general increase in digital medical information has resulted in an increasing number of patients who bring their medical records to their providers of care, using some form of computer media like a USB drive.