HIPAA Advice

The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) published an advisory on January 8, 2020 that the Citrix Gateway web server appliances and the Citrix Application Delivery Controller were found to have […]

Gmail is considered the most popular email service having about 1.5 million users. However, can healthcare organizations use Gmail to send protected health information (PHI)? Is Gmail HIPAA compliant? Making Gmail HIPAA Compliant So that […]

The FBI reported a TLP:Amber alarm due to the high incidents of cyberattacks employing the MegaCortex and LockerGaga ransomware variants. The attackers target big companies and businesses and usually use the ransomware several months after […]

A lot of cybercriminals continue to send phishing emails randomly expecting to get responses. Nevertheless, it is more profitable to run targeted attacks or spear phishing. Microsoft remarks that spear-phishing attacks doubled this year, from […]

Compliancy Group is going to host a webinar on November 20, 2019 at 14:00 ET. The webinar will feature a group demonstration of how to use The Guard, its software solution to HIPAA compliance. The […]

Microsoft reported in May 2019 something about the BlueKeep exploit. It is a CVE-2019-0708 vulnerability, which is a serious remote code execution flaw identified in Windows Remote Desktop Services. The cybersecurity community anticipated the creation […]

The Guidance Center (TGC) in Avalon in California and Long Beach, Compton, San Pedro, a not-for-profit mental health care services provider to deprived kids and their families, had spotted a security breach in its digital […]

A new analysis report by the DHS’ Cybersecurity and Infrastructure Security Agency (CISA) highlights a number of the prevalent risks and vulnerabilities related to switching from on-premise to cloud-based mail services like Microsoft Office 365. […]

Can Docusign be used with electronic protected health information (ePHI) by healthcare organizations without violating HIPAA Rules? Is DocuSign compliant with HIPAA? DocuSign is a provider that offers electronic signature and transaction management services. DocuSign […]

Amazon announced a new service that allows healthcare professionals to de-identify medical images by automatically removing any identifying protected health information (PHI) presented in the images. Pictures taken in medical settings often contain personally identifiable […]

Beazley Breach Response Services have released a new report indicating that 71% of ransomware attacks target small and medium businesses (SMBs). Ransomware is malware variant which denies the user access to their device, or individual […]

Security researchers have identified two vulnerabilities in the Conexus telemetry protocol used by Medtronic MyCarelink monitors, CareLink monitors, CareLink 2090 programmers, and 17 implanted cardiac devices. One vulnerability is rated as ‘critical’, and the other […]

Phishing attacks against large organisations have become increasingly common in recent years. Sectors that deal with sensitive information, such as the healthcare sector and financial industries, are particularly at risk of attack. Credit card numbers […]

Marketo is Marketing Automation software focused on account-based marketings. In April 2018, Adobe purchased Marketo for $4.75 billion. The software has received widespread praise, such as featuring on the Wall Street Journal’s “Next Big Thing” […]

UConn Health has announced that a recent phishing attack has compromised approximately 326,000 patient files.  UConn Health is the branch of the University of Connecticut that oversees clinical care, advanced biomedical research, and academic education […]

Deep Instinct has announced that it has identified a new phishing campaign is spreading Separ malware.   Researchers at Deep Instinct identified the last campaign in January 2019. The threat actors behind this version of […]

Akamai has announced the discovery of a new phishing attack that spoofs a Google webpage.  Larry Cashdollar, working at Akamai, a cloud service provider, discovered the fraud campaign. Like many other phishing campaigns, this attack […]

Dropbox is a popular file hosting service used by over 500 million people worldwide. It is becoming increasingly popular with businesses and organisations as a way of storing files, as it reduces costs by reducing […]

Radware has released a report that reveals the cost of a cyber attack to businesses has increased by 52% in the past year. Radware researchers surveyed 790 professionals across the globe in a variety of […]

HIPAA Rules requires organizations in the healthcare industry place adequate safeguards on sensitive data they hold to ensure that the integrity and security of protected healthcare information (PHI) is maintained. Many of these stipulations are […]

The National Counterintelligence and Security Centre (NCSC) has launched a public awareness campaign with the aim of improving the response of businesses to cybersecurity threats. NCSC, part of the Office of the Director of National […]

A study has been published which investigated how data breaches affect hospital advertising expenditure decisions. The study, entitled “Understanding the Relationship Between Data Breaches and Hospital Advertising Expenditures” was published by Sung J. Choi, PhD […]

A flaw has been identified in Orange Livebox ADSL modems that causes the modems to “leak” WiFi credentials. Orange Livebox is an ADSL wireless router used to deliver broadband services to customers of Orange S.A., […]

The final version of the Risk Management Framework (RMF 2.0) has been released by the National Institute of Standards and Technology (NIST). NIST is a non-regulatory agency of the United States Department of Commerce. The […]

The Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued an advisory about a vulnerability that has been identified in certain Medtronic CareLink and Encore Programmers. ICS-CERT, an organisation created to identify and tackle problems […]

In late November, the Department of Justice indicted two Iranian threat actors over the use of SamSam ransomware. However, Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) are urging organisations that the threat […]

The American Medical Informatics Association (AMIA) and the American Health Information Management Association (AHIMA) have called for officials to reform the Health Insurance Portability and Accountability Act (HIPAA). The calls for reform were made on […]

The Department of Health and Human Services’ Office of Inspector General (OIG) has issued a report questioning the integrity of security systems at two managed care organizations (MCOs) in Arizona following security audits of the […]

The National Cybersecurity Center of Excellence (NCCoE) is a US government organisation that builds and shares solutions to potential cybersecurity threats faced by US businesses. The NCCoE is a part of the National Institute of […]

The Department of Health and Human Services (HHS) has drafted a Request for Information (RFI) to assess HIPAA Rules may be hindering patient information sharing. The move is in repose to complaints that healthcare providers […]

The HHS’ Office of Inspector General (OIG) has published the findings of an audit of the FDA’s policies and procedures for addressing medical device cybersecurity in the postmarket phase.   The US Food and Drug Administration […]

HIPAA’s email rules may be complicated at first glance, but ultimately can be broken down into a number of comprehensible stipulations and requirements. It is vital that any organisation has a good grasp of HIPAA’s […]

The use of electronic or “e-signatures”  is becoming widespread as more and more people have access to portable electronic devices. As with any new development in technology, there was some concern over the compatibility of […]

The Compliancy Group launched a new free tool called HIPAA Quiz to help organizations assess the present condition of their HIPAA compliance. Healthcare providers that implement policies and procedures in compliance with the Health Insurance […]

ProPublica published a research in 2015 that revealed the involvement of healthcare employees in HIPAA social media violations in 2015. If not resolved, there will probably be a lot more incidents of HIPAA violation happening […]

The GDPR refers to a Supervisory Authority as a self-governing public authority accountable for overseeing GDPR compliance, supporting companies be GDPR compliant, and executing compliance and doing investigations. The supervisory authority should be advised if […]

Alive Hospice in Tennessee found that two of its employees’ email accounts were unsecured because of phishing attacks. While examining Alive Hospice’ email system on May 15, 2018, recurring unauthorized access to the email accounts […]

Healthcare providers are reminded by OCR to follow the HIPAA patch management requirements, which make sure that ePHI privacy, integrity, and accessibility stays secure. Flaws in the software applications code could be exploited by hackers […]

Almost every day of the year there’s a report of a HIPAA violation happening whether in a hospital, health plan or by a healthcare professional. But what is a HIPAA and in what ways is […]

It’s good to know about the beginnings of the Health Insurance Portability and Accountability Act and how it has changed over the years. HIPAA was signed into law on August 21, 1996 by President Bill […]

Working in healthcare requires a good working knowledge of HIPAA rules.  It requires diligence to ensure compliance with HIPAA rules. When HIPAA rules are violated, there are consequences, whether a healthcare employee does it accidentally […]

Healthcare organizations must be prepared for the unexpected times when cyber criminals attack their data networks with the intention of extortion. It is expected that HIPAA-compliant entities are already somewhat prepared against cyber attacks because […]

When patients complain of privacy violation, healthcare providers need to know how to deal with it. For an efficient response, the organization must have policies that cover complaints procedure. The staff should know how to […]

According to Healthcare Information and Management Systems Society (HIMSS), there are five current cybersecurity threats that healthcare organizations need to watch out for to prevent unauthorized access to their networks and protected health information. The […]

Sophos, an online security company, released a report saying that victims of ransomware attacks are likely to have more attacks within a year. It pointed out that healthcare companies will continue to be the target […]

Hacking or IT incidents is the major cause of healthcare data breaches of 2017. 17 out of the top 20 were of this cause. In comparison to the previous years, hacking/IT incidents only accounted for […]

The Department of Health and Human Services has updated the rule on Confidentiality of Substance Use Disorder Patients Records. In relation to this, the regulation on Substance Abuse and Mental Health Services Administration (SAMHSA) also […]

About 98% of healthcare providers are still not yet implementing the DMARC (Domain-based Message Authentication, Reporting & Conformance) email authentication standard. This information is based on a survey conducted by the National Health Information Sharing […]

Healthcare organizations are expected to follow the rules introduced by the Health Insurance Portability and Accountability Act (HIPAA). The question is which federal departments are enforcing HIPAA rules? How can consumers make sure that covered […]

A patient cannot sue a healthcare provider for a HIPAA violation and seek damages even when harm resulted. But it is still possible to take legal action against the covered entity and demand damages for […]

The U.S. Food and Drug Administration (FDA) gave an update of the guidelines that medical device manufacturers should follow when it comes to sharing information requested by patients. The medical devices that patients use can […]

Representatives Dave Trott (D-MI) and Susan Brooks (R-IN) introduced the Internet of Medical Things Resilience Partnership Act in the U.S. House of Representatives recently. With the increase in the number of medical devices and systems […]