Tag: HIPAA
-
How Gainesville Regional Utilities is locking down vendor risk
Tags: access, breach, business, cio, ciso, compliance, conference, cyber, data, finance, group, HIPAA, infrastructure, malicious, penetration-testing, risk, risk-assessment, risk-management, service, soc, strategy, threat, vulnerability
Intake and triage: The requesting business unit submits an intake form detailing the vendor’s responsibilities, the IT service involved, the types of data needed, and any required system access. The IT security team then conducts an initial risk triage. Detailed assessment: If the vendor poses a moderate or high risk, it must complete a security questionnaire…
-
Tiny US Agency to Enforce Substance Abuse Regs – and HIPAA
HHS Shifts 42 CFR Enforcement Duties to Office of Civil Rights Amid Massive Reorg. The U.S. Department of Health and Human Services has put its Office for Civil Rights in charge of investigating and penalizing organizations that breach the confidentiality of substance abuse disorder records. Some fear the agency doesn’t have the bandwidth to enforce…
-
Farmers Insurance, Aflac Report Data Breaches to Regulators
Farmers’ HIPAA Breach Affects 1.1 Million; Aflac Is Still Counting Victims. Two major U.S.-based insurers – Farmers Insurance and Aflac Inc. – have each reported to regulators data breaches involving two recent separate cyberattacks. The breaches follow a spring and summer spree of data exfiltration incidents that hit multiple large players in the insurance sector.…
-
Key requirement under GDPR, NIS2, HIPAA, DORA and ISO 27001 – Data backup: definition, best practices and future trends
First seen on security-insider.de Jump to article: www.security-insider.de/datensicherung-definition-bewaehrte-verfahren-und-zukuenftige-trends-a-c9d84e8d59059d9abea04653eae079f7/
-
Password crisis in healthcare: Meeting and exceeding HIPAA requirements
In 2025, healthcare organizations are facing a new wave of password security risks. Recent data from the HIMSS Cybersecurity Survey reveals that 74% experienced at least one … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/20/healthcare-password-crisis/
-
Why Do HIPAA Risk Analyses Miss the Mark So Often?
Common Weaknesses Healthcare Providers Must Overcome to Avoid Regulators’ Wrath. Regulators have long pushed HIPAA-regulated providers to ensure their enterprise-wide security risk analysis is comprehensive and timely, so they can identify security issues before they become data breaches. Why do so many organizations struggle with this top HIPAA priority? First seen on govinfosecurity.com Jump to…
-
Accounting Firm Pays Feds $175K for HIPAA Ransomware Breach
Settlement Includes Corrective Action Plan Focused on Improving Risk Analysis. An investigation into a ransomware breach reported in 2020 as affecting the protected personal information of 170,000 people led to a $175,000 fine against a certified public accounting and consulting firm. Regulators also required the company to implement a corrective action plan in the settlement.…
-
How have you seen successful organizations integrate HIPAA compliance into their everyday operations rather than treating it as just an annual audit requirement?
Organizations that treat HIPAA compliance as a living, breathing part of their operations, not just an annual checkbox, are the ones best positioned to protect patient data, mitigate risk, and build enduring trust with patients and partners. Based on patterns observed across successful healthcare providers, health-tech companies, and third-party service organizations, a recurring theme emerges:…The…
-
275M patient records breached – How to meet HIPAA password manager requirements
Healthcare led all industries in 2024 breaches – over 275M patient records exposed, mostly via weak or stolen passwords. See how the self-hosted password manager by Passwork helps providers meet HIPAA requirements, protect ePHI, and keep care running. Try it free for 1 month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/275m-patient-records-breached-how-to-meet-hipaa-password-manager-requirements/
-
10 Best HIPAA Compliance Software Solutions Providers in 2025
In the rapidly evolving healthcare landscape of 2025, ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) is more critical than ever. The increasing reliance on digital health records, telehealth, and other technological advancements has created a complex environment where data security and patient privacy are paramount. To address these challenges, a new…
-
Why Legal Woes Continue to Mount Over Health Data Trackers
The use of online tracking tools on the health-related websites and apps of HIPAA and non-HIPAA regulated entities continues to be a lightning rod due to a long list of ongoing data privacy, regulatory and legal concerns, said partner and attorney Elizabeth Hodge of the law firm Akerman. First seen on govinfosecurity.com Jump to article:…
-
Despite changes, crisis pregnancy centers still attract scrutiny over HIPAA promises
Some crisis pregnancy centers (CPCs) still tell visitors that their data is protected under the HIPAA privacy law, despite guidance to the contrary from the government and CPCs’ own umbrella organizations. Data privacy and abortion-rights groups want states to do more to end those claims. First seen on therecord.media Jump to article: therecord.media/crisis-pregnancy-centers-hipaa-data-privacy
-
Feds Fine Surgery Practice $250K in Ransomware Breach
2021 Pysa Hack Compromised PHI of Nearly 25,000 Patients. A HIPAA breach investigation into a 2021 attack involving a variant of Pysa ransomware resulted in a $250,000 fine for an upstate New York specialty surgery practice, which also agreed to a corrective action plan that will be monitored by federal regulators for the next two…
-
Why Agentic AI in Healthcare Demands Deeper Data Oversight
As healthcare providers and their vendors develop and implement agentic artificial intelligence and other AI tools, they need to thoroughly understand data privacy risks under HIPAA and other laws, said attorney Jordan Cohen of law firm Akerman LLP. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/agentic-ai-in-healthcare-demands-deeper-data-oversight-i-5485
-
Hacks Lead Health Data Breach Trends So Far in 2025
345 Major HIPAA Breaches Reported to Feds So Far This Year, Affecting 29.9 Million. Midway through 2025, the federal website listing major health data breaches in the U.S. shows a familiar scene: Many hacking incidents including ransomware, dozens of third-party vendor incidents, and millions of individuals affected by compromised personal data. First seen on govinfosecurity.com…
-
Why the HIPAA Security Rule Proposal Draws Expert Concerns
While many of the proposed updates to the HIPAA security rule are reasonable expectations, others will be extremely onerous to implement if federal regulators finalize the rule’s overhaul as it’s written today, said Samantha Jacques of McLaren Health and Stephen Goudreault of security firm Gigamon. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/the-hipaa-security-rule-proposal-draws-expert-concerns-i-5482
-
Unstructured Data Management: Closing the Gap Between Risk and Response
(madhav, Tue, 06/24/2025 – 05:44) The world is producing data at an exponential rate. With generative AI driving 90% of all newly created content, organizations are overwhelmed by an ever-growing data estate. More than 181 zettabytes of data now exist globally – and 80% of it…
-
Court Ditches HIPAA Reproductive Health Info Privacy Rule
Ruling: HHS Has No Authority to Distinguish Different Types of PHI for Restrictions. A Texas federal court has vacated 2024 changes to the HIPAA Privacy Rule made by the Biden administration to shield reproductive healthcare information from law enforcement. The court’s ruling could potentially make it easier for state investigators to obtain information about abortions…
-
Tonic.ai Achieves HIPAA Compliance Certification, Ensuring Enhanced Security for Protected Health Information
We are proud to announce that we have successfully completed our HIPAA certification, marking a significant milestone in our commitment to data security and privacy. This achievement underscores our dedication to providing secure data environments for our clients, particularly those in the healthcare industry handling protected health information (PHI). First seen on securityboulevard.com Jump to…
-
Judge overturns Biden-era HHS rule on HIPAA protections for those seeking reproductive care
A federal judge ruled against a Biden administration privacy rule intended to address worries that patients visiting abortion clinics could have their records seized by law enforcement even if their procedure was legal in the state where it took place. First seen on therecord.media Jump to article: therecord.media/judge-overtuns-biden-era-hhs-rule-hipaa-reproductive-care
-
How the New HIPAA Regulations 2025 Will Impact Healthcare Compliance
The U.S. Department of Health and Human Services (HHS) is rolling out new HIPAA regulations in 2025. They are designed to strengthen patient privacy and security in the face of these changes. These HIPAA updates are a response to the rise of telemedicine, the growing use of electronic health records (EHR), and an alarming increase in…
-
5 SaaS Blind Spots that Undermine HIPAA Security Safeguards
Hidden SaaS risks can quietly undermine HIPAA security safeguards. Discover how SaaS visibility and control help protect ePHI and ensure HIPAA compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/5-saas-blind-spots-that-undermine-hipaa-security-safeguards/
-
Sleep Center Worker Installed Secret Camera in Bathrooms
Ex-Employee Faces Criminal Charges; Hospital Reports Incident as Big HIPAA Breach. A former worker of a New York hospital’s sleep disorders center has been indicted on criminal charges alleging he hid cameras in the facility’s bathrooms to record videos of staff and patients. The hospital reported the incident to federal regulators as a HIPAA breach…
-
HHS Names New Director for HIPAA Enforcement Agency
Paula Stannard Has Deep HHS Regulatory and Legal Roots. The U.S. Department of Health and Human Services has named Paula Stannard to lead its HIPAA enforcement agency – the Office for Civil Rights. Stannard was a legal counsel at HHS under two previous Republican presidential administrations. She also has state and private sector legal experience.…
-
Interlock and the Kettering Ransomware Attack: ClickFix’s Persistence
Tags: access, attack, breach, captcha, ciso, computer, control, credentials, cyberattack, data, data-breach, detection, endpoint, exploit, group, healthcare, HIPAA, incident response, injection, malicious, mobile, network, phishing, powershell, ransom, ransomware, risk, saas, service, technology, threat, tool, vulnerability
In healthcare, every minute of downtime isn’t just a technical problem – it’s a patient safety risk. CNN recently reported that Kettering Health, a major hospital network in Ohio, was hit by a ransomware attack. According to CNN, the Interlock ransomware group claimed responsibility, sending a chilling reminder that healthcare remains a prime target for this particular…
-
What You Don’t Know About SaaS Can Violate HIPAA Compliance
Explore how SaaS identity risks impact HIPAA compliance and what the 2025 updates mean for MFA, app inventory, and third-party software controls. Read now. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/06/what-you-dont-know-about-saas-can-violate-hipaa-compliance/
-
What’s Inside HHS’ Budget Proposals for FY 2026?
Documents Provide Some Details for Cyber, HIPAA, Other Units. The Trump administration’s fiscal 2026 budget-in-brief for the U.S. Department of Health and Human Services cuts deeply into some agencies including the National Institutes of Health, but calls for continued Security and HIPAA regulatory enforcement actions under a consolidated watchdog organization. First seen on govinfosecurity.com Jump to…
-
Florida Health System Pays $800K for Insider Record Snooping
Case Stems From ‘Malicious Insider’ Accessing One Patient’s Medical Information. A Florida health system paid $800,000 and will implement a corrective action plan to settle a federal HIPAA investigation into a malicious insider incident involving a patient’s medical records in 2018. BayCare Health System did not admit wrongdoing. First seen on govinfosecurity.com Jump to article:…

