Nearly Three-Quarters of Organizations Were the Target of Attempted Business Email Compromise Attacks

In an article from KnowBe4, there is new data that highlights just how dangerous business email attacks really are. The following is the complete article with helpful links. “Business Email Compromise (BEC) attacks often don’t get the press they require; these attacks utilize a heavy dose of social engineering to spoof company email accounts and impersonate individuals…

What is Social Engineering

Social engineering is a method used by cyber attackers to manipulate people into divulging confidential information or performing actions that compromise security. Unlike traditional hacking methods that rely on exploiting technical vulnerabilities, social engineering exploits human psychology and behavior to achieve its goals. Social engineering techniques can take various forms, such as: Social engineering attacks…

What is Phishing

Phishing is a form of criminally fraudulent social engineering. Phishing is a type of cyber attack where attackers attempt to trick you into divulging sensitive information such as your usernames, passwords, credit card details, or other personal information by posing as a trustworthy entity in an electronic communication. Phishing often mimics legitimate organizations such as banks,…

3 Ways Your Center Can Prepare for Upcoming HIPAA Security Rule changes

There have been rumors swirling about upcoming changes to the HIPAA Security Rule for some time now. Those changes were outlined in a previous article titled “HHS Unveils Healthcare Cybersecurity Strategy.” In preparation for the changes, the following by HealthITSecurity outlines some ways you can prepare your center. “In the decades since the HIPAA Security Rule was…

HHS’ Office for Civil Rights Releases Final Version of Special Publication (SP) 800-66 Revision 2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide.

The HHS Office for Civil Rights (OCR) and the National Institute of Standards and Technology (NIST) are pleased to announce the publication of the final version of Special Publication (SP) 800-66 Revision 2, Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide. This revised publication, a collaborative effort between NIST and…

HHS’ Office for Civil Rights Settles Malicious Insider Cybersecurity Investigation for $4.75 Million

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Montefiore Medical Center, a non-profit hospital system based in New York City for several potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The “OCR is responsible for administering and enforcing health…

HHS Unveils Healthcare Cybersecurity Performance Goals

Related to the previous post, “HHS Unveils Healthcare Cybersecurity Strategy,” the Department of Health and Human Services recently released the voluntary healthcare cybersecurity goals healthcare organizations should strongly consider implementing. The following article by HealthITSecurity includes links to the paper as well as links to valuable information that may help your center with cybersecurity. The…

HHS Unveils Healthcare Cybersecurity Strategy

The Department of Health and Human Services’ plan to strengthen healthcare cybersecurity is outlined in a new concept paper. The outline paper includes future updates to HIPAA and the establishment of voluntary performance goals. The following article by HealthITSecurity includes links to the paper as well as links to valuable information that may help your…

HHS RESOLVES PHISHING ATTACK INVESTIGATION

Today, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), announced a settlement with Lafourche Medical Group, a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a phishing attack that affected the electronic protected health information of approximately 34,862 individuals. Phishing…

Healthcare Cybersecurity Vulnerability Mitigation Guide

The Cybersecurity and Infrastructure Security Agency, or CISA, issued a cybersecurity vulnerability mitigation guide for healthcare, stressing the importance of addressing known vulnerabilities and reducing risk across the sector. HealthITSecurity provides an excellent overview. Their article, along with links to the guide and other important resources, is below. The Cybersecurity and Infrastructure Security Agency (CISA) issued a…

OCR Releases Cybersecurity Video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks

October is Cybersecurity Awareness Month. The Office for Civil Rights (OCR), the enforcer of the HIPAA Rules, has released a cybersecurity video: How the HIPAA Security Rule Can Help Defend Against Cyber-Attacks. This supports their previously identified goal to prioritize healthcare cybersecurity over the next two years. In recognition of National Cybersecurity Awareness Month, OCR…

Is Your Organization Eligible for Cyber Insurance?

Insurance companies that provide cyber insurance have been educating themselves about today’s cyber environment and the relatively new market of cyber insurance. Now, insurance companies are more aware of the need for their insured organizations to have proper security measures that include a wide range of solutions. As insurers better understand what a “secure organization”…

HHS Plans to Prioritize Healthcare Cybersecurity

The Department of Health and Human Services indicates it will prioritize cybersecurity over the next two years. Below is the article in full from HealthITSecurity outlining the announcement, including links to the White House’s commitment to creating updated healthcare cybersecurity standards, as well as links to additional resources. “HHS and its many agencies and offices serve…

Updated Security Risk Assessment Tool 3.4 Now Available

The Office for Civil Rights (OCR) and the Office of the National Coordinator for Health Information Technology (ONC) at the U.S. Department of Health and Human Services (HHS) announced the release of version 3.4 of the Security Risk Assessment (SRA) Tool. This is the same tool discussed at several conferences this year. Please use the…

Rhysida Ransomware Emerges as Latest RaaS Threat Group

According to an article from HealthITSecurity, Rhysida, a new ransomware-as-a-service group, leverages phishing and Cobalt Strike exploits to access victim networks and deploy ransomware. Below is their article in full, including a link to a very informative threat brief published by the HHS Office of Information Security. “Rhysida ransomware group is the latest threat group to target victims…

June 2023 HHS OCR Cybersecurity Newsletter

The Department of Health and Human Services Office for Civil Rights published its quarterly Cybersecurity Newsletter discussing HIPAA and cybersecurity authentication. Below is the newsletter in its entirety as well as resources. “Strong authentication processes are often analogized to a locked door in the cyber world. Weak or non-existent authentication processes leave your digital door open…

Responding to Negative Online Comments. Is it worth it?

On June 5, 2023, HHS reached a settlement agreement with a New Jersey psychiatry practice that included, amongst other requirements, a fine of $30,000 to settle a complaint about an impermissible disclosure of protected health information when the psychiatry practice disclosed the patient’s protected health information in a response to a negative online review. The…

Protecting Patient Data: The Importance of Cybersecurity in Healthcare

The following article is taken from a recent article written by KnowBe4, which does an excellent job explaining the importance of cybersecurity as well as outlining some practices to implement to ensure your organization has a robust cybersecurity program. Give it a read and compare your organization’s practices to those mentioned in the article. Should…

Healthcare Organizations Face Increased Scrutiny

Hacking incidents, new regulatory requirements and compliance initiatives due to Dobbs and Pixel use, and lawsuits against healthcare organizations over privacy violations are soaring. HIPAA-regulated entities and other organizations that operate in the healthcare space are now facing increased scrutiny of their data security practices and compliance programs. An increase in enforcement actions and…

HHS Cybersecurity Task Force Provides New Resources to Help Address Rising Threat of Cyberattacks in Health and Public Health Sector

On April 17th, “The U.S. Department of Health and Human Services (HHS) 405(d) Program announced the release of the following resources to help address cybersecurity concerns in the Healthcare and Public Health (HPH) Sector: These efforts are a key part of the Administration’s work to secure all of our Nation’s critical infrastructure from cyber threats….

HHS Restructures OCR to Handle Increased HIPAA Complaints

It should not come as a surprise that on February 27, 2023, HHS announced three new divisions within the Office for Civil Rights (OCR): an Enforcement Division, a Policy Division, and a Strategic Planning Division. In HHS’s report to Congress, HHS noted a 25% increase in HIPAA and HITECH complaints received in 2020. The Director…

HHS Office for Civil Rights Delivers Annual Reports to Congress on HIPAA Compliance and Breaches of Unsecured Protected Health Information

The HHS Office for Civil Rights (OCR) provided Congress with two reports for 2021 regarding HIPAA Privacy, Security, and Breach Notification Rule Compliance and Breaches of Unsecured Protected Health Information. These reports can help organizations like pregnancy centers and business associates better comply with the requirements of HIPAA by giving insight into trends in the HIPAA environment….

New Bill to Strengthen HIPAA Protections for Patients Seeking Reproductive Healthcare

US Senators Michael Bennet (D-CO) and Mazie Hirono (D-HI) introduce the Secure Access for Essential Reproductive (SAFER) Health Act. The act aims to strengthen HIPAA protections; as a result, it would prohibit providers from disclosing patient information relating to abortion or pregnancy loss without patient consent. The February 9, 2023 press release states, “The SAFER…

How to Dispose of Electronic Protected Health Information Under HIPAA

Improper disposal of either paper or electronic protected health information is a HIPAA violation. HIPAA requires organizations to implement and follow administrative, technical, and physical safeguards. These types of violations lead to investigation by the Office for Civil Rights (OCR) and substantial civil money penalties. On July 6, 2021, HealthReach Community Health Centers experienced a breach…

HHS OCR Issues Bulletin on Requirements under HIPAA for Online Tracking Technologies

The bulletin highlights the obligations of covered entities and business associates when using online tracking technologies like Google Analytics or Meta Pixel. These technologies are designed to collect and analyze information about how users interact with a regulated entity’s website or mobile application. Does your organization share electronic protected health information (ePHI) with online tracking…

FBI Reports Hive Ransomware Actors Have Extorted Over $100M From Victims

The Federal Bureau of Investigation (FBI) warns of ongoing malicious activity by the notorious Hive ransomware gang. The Hive ransomware gang has extorted more than $100 million from its victims, which include organizations from a wide range of industries such as government facilities, communications, and information technology, with a focus on healthcare and public health entities….

What About This Transaction

45 CFR 162.1101: Health care claims or equivalent encounter information transaction is either of the following: a) A request to obtain payment, and necessary accompanying information, from a health care provider to a health plan, for health care. b) If there is no direct claim, because the reimbursement contract is based on a mechanism other than…

OCR: Complying With the HIPAA Security Rule Substantially Prevents and Mitigates Most Cyberattacks

The OCR announced in its March 2022 Cybersecurity Newsletter that compliance with the HIPAA Security Rule can both prevent and mitigate cyberattacks. Healthcare hacking incidents have steadily increased throughout 2020 and 2021 with no decrease in sight. From 2019 to 2020 the industry experienced a 45% increase of hacking or IT incidents and between 2020…

5 Barriers to Secure Email Communication

1. Cumbersome email technology: HIPAA compliant email requires encryption. Email encryption services go about encryption differently. Some email encryption services require recipients to log in to a portal, which means creating a username and password that must be remembered. Other services require the sender to insert certain words to initiate encryption. 2. Training: For the selected…

Common HIPAA Violations Part 1

Security Risk Assessment: The HIPAA Security Rule requires organizations to conduct a Security Risk Assessment, also called a security risk analysis. When it comes to HIPAA violations, the failure to conduct or complete a security risk assessment seems to be the most common violation. However, this does not have to be the case! There are…