Preventing unintended or unauthorized disclosure of protected health information is an ever-present goal of all covered entities and business associates. However, protective firewalls and electronic data security measures are not enough to avoid a potentially costly penalty or settlement amount in the event of a breach. In order to defend against assessment of civil money
Healthcare organizations need to consider a number of legal issues when it comes to cybersecurity incidents involving medical devices, says attorney Thomas Barnard of the law firm Baker Donelson. “There are a couple layers that we need to be concerned about,” Barnard says in an interview with Information Security Media Group. “You have individual liabilities
Data breaches caused by hacking, so-called IT incidents and unauthorized access are on the rise, with 162% more incidents at healthcare organizations so far in 2017 as there were in all of 2016, according to data from HHS’ Office for Civil Rights.Security experts said that’s because hacking has gotten easier and organizations are now reporting
They’re difficult to memorize so employees skirt hospital IT rules when conjuring them up anyway, group says. The National Institute of Standards and Technology on Wednesday published new guidance on how to strengthen passwords. Why now? Research shows that the de facto standard practice of requiring users to include a mix of uppercase and lowercase
Take our poll and we’ll report back on what other hospital IT shops are planning to do. In new draft guidance, the National Institutes of Standards and Technology urged healthcare and other IT shops to ease common password requirements. Instead of mandating that log-in credentials consist of numbers and symbols in addition to letters, NIST
These tools have evolved in maturity, and there are ways to conduct due diligence to get past the hype. Some artificial intelligence and machine learning proponents present the technologies as if they were manna from heaven, tools that have the capability to replace humans. And it’s not unusual for mere mention of the term “artificial
The Department of Veterans Affairs and the U.S. Defense Advanced Research Projects Agency are working closely with safety certification and consulting firm UL to improve the cybersecurity of internet of things devices as well as medical devices procured by the government. The effort could yield benefits to the private sector as well, two researchers explain
Hope for the best outcome, but prepare for the worst. The advice is simple, but clearly applicable to healthcare, particularly in the wake of ongoing cyberattacks. Each day, providers strive to care for patients who walk through their doors and to keep them safe and secure. Now more than ever, clinical, IT and security leaders
WHEN BIOLOGISTS SYNTHESIZE DNA, they take pains not to create or spread a dangerous stretch of genetic code that could be used to create a toxin or, worse, an infectious disease. But one group of biohackers has demonstrated how DNA can carry a less expected threat—one designed to infect not humans nor animals but computers.
Healthcare organizations can learn important lessons from the proposed $115 million settlement in the breach lawsuit against health insurer Anthem, says Bill Fox, a former federal prosecutor. One of the key lessons emerging from the Anthem breach case, which impacted nearly 79 million individuals, is the need for more granular control of access to sensitive
