Privacy

UVA Health System Notifies 1,882 Patients About Potential Privacy Issue

University of Virginia Health System is notifying 1,882 patients that an unauthorized third party may have been able to view some of their private health information. The University of Virginia Health System is notifying patients of a cyberattack that gave a hacker access to over 1,800 medical records. The FBI discovered that a physician’s devices with

A quarter of healthcare organizations willing to pay ransomware

Ransomware is reaching epidemic proportions. According to a report by Solutionary, the healthcare industry was the victim of 88% of all ransomware attacks in U.S. industries in 2016. A key driver of this could be the fact that nearly one-quarter of U.S. healthcare organizations would pay a ransomware demand following a cyberattack.

The Final Race to GDPR: Are You on the Right Track?

In less than four months, on May 25, 2018, the European Union's General Data Protection Regulation (GDPR) will enter into full effect, bringing with it an array of new individual rights and regulatory requirements. This European regulation protects the rights of individuals, strengthens accountability, obligates organizations to set up self-assessment processes and, finally, increases

Hospitals Ransomware targets

You may not notice this every day, but hospitals and medical devices are constantly under attack. One would expect hospitals to have robust cybersecurity strategies; however, many enterprises are still using outdated solutions. Lack of budget, resources and complicated infrastructure make hospital networks a challenge to protect. Consequently, they operate under less-than-ideal circumstances when it comes

North Carolina proposes law requiring data breaches to be reported in 15 days

North Carolina Attorney General Josh Stein and State Rep. Jason Saine introduced legislation this week that would give organizations only 15 days to report a data breach to consumers and the attorney general. The bill is drastically different from HIPAA requirements, which give healthcare providers 60 days from the time a breach is discovered to report

GDPR: What US Healthcare Entities Need to Know

Under what circumstances must a U.S. healthcare provider comply with the European Union’s General Data Protection Regulation, which will be enforced beginning in May? In an in-depth interview with Information Security Media Group, regulatory attorney Stephen Wu explains the conditions under which compliance is required.

How to Keep Health Data Safe in the Age of Disruptive Technologies

We are elbow-deep in an age of disruptive technologies that aren't just buzzwords any longer, but are entering into our health systems and everyday clinical care. The University of Pittsburgh Medical Center, for example, an innovator in using analytics, has recently also begun harnessing artificial intelligence to improve care. The health system has developed AI-based algorithms

7 Steps For Comprehensive HIPAA Risk Assessment

IT risk assessment, or risk analysis, is one of the main requirements for HIPAA compliance. According to paragraph 164.308, risk analysis is an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information held by the covered entity. Failure to establish proper control over
