Tag: HIPAA
-
Poor Risk Analysis Cost 4 Firms $1.7 Million in HIPAA Fines
HHS OCR Breach Investigators Again Find All-Too-Common Risk Analysis Failures. Faulty or non-existent security risk analyses cost a medical imaging provider, a women’s healthcare group, a health plan and a third-party insurance administrator a collective $1.7 million in fines after federal regulators concluded they didn’t do enough to prevent ransomware attacks. First seen on govinfosecurity.com…
-
7 biggest healthcare security threats
Tags: access, ai, api, attack, breach, business, cloud, control, credentials, cyber, cyberattack, cybersecurity, dark-web, data, data-breach, email, endpoint, google, government, hacking, healthcare, HIPAA, infrastructure, injection, insurance, Internet, phishing, risk, security-incident, service, software, spam, sql, threat, tool, vulnerability
Cloud vulnerabilities and misconfigurations: Many healthcare organizations have adopted cloud services as part of broader digital transformation initiatives. As a result, patient health information (PHI) and other sensitive data is increasingly being hosted in vendor cloud environments. The trend has broadened attack surface at healthcare organizations, says Anthony James, vice president of products at Infoblox, especially…
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trust
With the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways: Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Feds Are Still Assessing Proposed HIPAA Security Rule Update
HHS OCR Director Says Cost of Inaction May Outweigh Compliance Burdens. The Trump administration has yet to decide whether to continue a proposed overhaul of the HIPAA Security Rule floated by its predecessor administration. But the nation’s top federal enforcer of health regulation provided some insight into what regulators are thinking. First seen on govinfosecurity.com…
-
Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/07/comp-ai-open-source-compliance-platform/
-
7 ways to improve your business resilience with backup and recovery
Tags: attack, automation, backup, business, cloud, compliance, control, cyber, data, dns, HIPAA, identity, malware, metric, network, PCI, ransomware, resilience, risk, service, soc, threat, vulnerability
2. Ensure off-site backup copies: Local backups are fast, but they are also vulnerable to the same physical disasters and ransomware attacks that hit your primary servers. If your production environment and your backups are on the same network segment without air-gapping, a single compromise becomes a total extinction event. The Fix: Adopt a 3-2-1 strategy (3 total copies of data, 2 different media…
-
HIPAA I Do Not Think That Word Means What You Say It Means
HIPAA is often used as a shorthand for “no,” but the law is a nuanced permissions framework, not a blanket prohibition. Explore why “HIPAA-compliant” software often enforces a caricature of the actual 45 C.F.R. pt. 164. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/hipaa-i-do-not-think-that-word-means-what-you-say-it-means/
-
Heading to RSA Conference 2026? Mark your Calendar and Meet Thales!
Tags: access, ai, application-security, attack, communications, compliance, conference, container, control, cybersecurity, data, defense, firewall, framework, GDPR, google, HIPAA, iam, ibm, injection, LLM, malicious, risk, tool, vulnerability
madhav, Tue, 03/17/2026 – 05:14. The countdown is on. From March 23-26, the cybersecurity community will gather once again at the Moscone Center in San Francisco, and Thales will be at the heart of it. Chad Couser – Director Marketing Communications, Thales…
-
HHS OCR Fines Firm $10K in Breach Affecting 15M
HIPAA Settlement Small Compared to Many Others. U.S. federal regulators fined a dental practice software vendor with a seemingly lowball financial penalty for a high-stakes 2020 hack affecting 15 million individuals that the company failed to report. Maryland-based MMG Fusion agreed to $10,000. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hhs-ocr-fines-firm-10k-in-breach-affecting-15m-a-30938
-
HHS OCR Fines Firm $10K in Breach Affecting 15 Million
HIPAA Settlement Small Compared to Many Others. U.S. federal regulators fined a dental practice software vendor with a seemingly lowball financial penalty for a high-stakes 2020 hack affecting 15 million individuals that the company failed to report. Maryland-based MMG Fusion agreed to $10,000. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/hhs-ocr-fines-firm-10k-in-breach-affecting-15-million-a-30938
-
Modernizing HIPAA: Are You Ready?
Key Challenges in the Proposed HIPAA Security Rule Update The HIPAA Security Rule may soon undergo its first major overhaul in decades. Although finalization could come as early as May 2026, timelines remain uncertain as new requirements are grounded in modern cybersecurity practices and frameworks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/blogs/modernizing-hipaa-are-you-ready-p-4061
-
Is Outlook Email Encryption HIPAA Compliant? A Complete Guide for 2026
A practical guide to Outlook HIPAA compliance. Learn encryption requirements, configuration steps, and when to choose dedicated HIPAA email solutions. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/is-outlook-email-encryption-hipaa-compliant-a-complete-guide-for-2026/
-
Cyberattacks on Hospitals Cost Lives. Here’s How to Fight Back at Machine Speed.
Healthcare is the most targeted industry for cyberattacks, and ransomware-related delays in care have been linked to patient deaths. D3 Morpheus gives healthcare SOC teams an AI-autonomous platform that correlates alerts across the entire security stack, identifies ransomware kill chains in progress, and produces the audit-ready evidence trail that HIPAA and HITECH demand. First seen…
-
MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction
Tags: attack, compliance, control, cyber, defense, dora, HIPAA, insurance, ISO-27001, msp, nis-2, PCI, regulation, soc, supply-chain
Compliance expectations across SMB markets are rising as supply chain regulations and cyber insurance requirements raise the baseline for security maturity. Regulatory standards such as CIS Controls v8, the NIS2 Directive, ISO 27001, SOC 2, PCI DSS, HIPAA, Cyber Essentials, CMMC 2.0, DORA, and the Essential Eight now shape what that baseline looks…
-
How to maximize HEDIS scores with synthetic data
Accessing PHI for development and testing is often blocked by stringent HIPAA compliance requirements. Learn how synthetic data helps engineers build tools to close care gaps and improve HEDIS scores. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/02/how-to-maximize-hedis-scores-with-synthetic-data/
-
Feds Launch Portal to Report Substance Use Disorder Breaches
New HHS Enforcement Program Focuses on Patient Confidentiality, Aligning With HIPAA. The U.S. Department of Health and Human Services has launched a new breach reporting website and guidance materials to support its duties of enforcing compliance mandates that went into effect Monday to better align the confidentiality of substance use disorder records with the HIPAA…
-
AI Powered HIPAA Compliance Readiness Testing in Healthcare Software. A QA Leader’s Guide to Continuous Compliance
In healthcare software, quality is inseparable from compliance. A feature working as designed is not enough. Every workflow, integration, and data exchange must protect Protected… First seen on securityboulevard.com Jump to article: https://securityboulevard.com/2026/02/ai-powered-hipaa-compliance-readiness-testing-in-healthcare-software-a-qa-leaders-guide-to-continuous-compliance/
-
Questions Loom Ahead of Substance Abuse Privacy Rules Shift
As the compliance deadline quickly approaches for changes to align the federal rules for the confidentiality of substance use disorder records with HIPAA, entities that participate in so-called Part 2 programs still face critical unanswered questions, said attorney Aleksandra Vold of BakerHostetler. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/questions-loom-ahead-substance-abuse-privacy-rules-shift-i-5522
-
Ambulance Billing Firm Pays $515K Fine to 2 States in Hack
Comstar Paid Feds $75K Last Year to Settle HIPAA Allegations in Same 2022 Breach. An ambulance billing and collections firm has agreed to pay $515,000 to Massachusetts and Connecticut regulators and implement a prescriptive information security program in the aftermath of a 2022 hacking incident affecting the sensitive information of nearly 350,000 residents in those…
-
Aligning Substance Use Privacy Regs With HIPAA Isn’t Simple
Revisions to 42 CFR Part 2 that go into effect soon to better align federal regulations for the confidentiality of substance use disorder records with HIPAA require entities to adjust their compliance programs. But the changes aren’t easy, said attorney David Holtzman, founder of HITprivacy LLC. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/aligning-substance-use-privacy-regs-hipaa-isnt-simple-i-5519
-
Study: Future IT Workers Would Sell Patient Data
Nearly 60% of Tech Students Said They’d Violate HIPAA If the Price Was Right. Budding IT insiders can be corrupted into giving up protected health information of a very famous patient, say State University of New York at Buffalo researchers who also found a correlation between an interest in white hat hacking and illegal breaches.…
-
Top 10 HIPAA Compliance Software Solutions
Key Takeaways: Healthcare breaches have cost an eye-watering $7.42 million per incident in 2025, and it’s not surprising that regulators are dialing up new requirements like multi-factor authentication, encryption for all ePHI, and yearly audits. Small practices may be able to get by with basic tools, but larger organizations need more robust systems. The best…
-
HHS Urges Health Sector to Harden Security of PHI, Devices
Feds Pushing HIPAA Regulated Entities to Bolster Security Risk Management. Federal regulators are advising regulated healthcare firms and their third-party vendors to harden systems, software and medical devices to better safeguard protected health information. Hardening is a necessary measure for protecting data privacy security – but also in protecting patient safety. First seen on govinfosecurity.com…
-
Anthropic brings Claude to healthcare with HIPAA-ready Enterprise tools
Anthropic is bringing Claude for healthcare, following a similar move by OpenAI for ChatGPT. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/artificial-intelligence/anthropic-brings-claude-to-healthcare-with-hipaa-ready-enterprise-tools/

