The most dangerous HIPAA action you can take is very simple: DO NOTHING. You may be under a false sense of security because none of these events have happened to your organization: you haven’t had a HIPAA breach; you haven’t received a HIPAA fine; you didn’t need to use a Security Incident Response Plan; you...
The Washington Post published a report that is highly critical of the security of patient information in the healthcare industry. A year-long examination of cybersecurity by The Washington Post has found that health care is among the most vulnerable industries in the country, in part because it lags behind in addressing known problem Avi Rubin...
This year more and more employees are going to get smartphones this holiday season. And more and more employees will be asking for access to email and data via those new smartphones. You may take the stance and say “no” to access via smartphones. But these employees might have access to email and data already...
ONC has launched a mobile device guidance page to help protect mobile devices. The page offers some good advice and tips to protect mobile devices, including (go to the ONC page for more details on each): use a password or other user authentication; install and enable encryption; install and activate remote wiping and/or remote disabling...
Having a Security Incident Response Plan (SIRP) will allow an organization to respond to a security incident. We define the steps of a SIRP here. An article over at Government Health IT has a question-and-answer segment that Leon Rodriguez, director of the Office for Civil Rights (OCR) at the Department of Health and Human Services...
Leon Rodriguez, director of the Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR), recently conducted an interview with HealthcareInfoSecurity. Click on the link to listen to the full interview. Rodriguez gave some valuable insight into OCR’s plans for 2013 and beyond as well as guidance that organizations should follow to protect...
In our post New reality: EMRs held hostage we discuss the Australian medical center that had their EMR encrypted. The hackers then demanded $4,000 ransom to decrypt the EMR. Let’s take a look at how something like this can happen. The more you know about how hackers can get into your network the better you...
Dom Nicastro over at HCPro gives insight into the status of the OCR audit program for 2013. Top OCR officials have made it clear the audit program will continue next year, says Mac McMillan, FHIMSS, CISM, cofounder and CEO of CynergisTek, Inc., in Austin, Texas. There will be more audits going forward; HITECH requires them,...
Data security and protecting valuable information is the new Wild West. There is a constant battle between trying to protect data and criminals intent on stealing or hacking data. In a story that broke yesterday, Russian cyber criminals have hacked into a medical organization and held their patient information ransom. The Australian medical center, Miami...
By now many people have heard of the HHS Wall of Shame. The Wall of Shame refers to the list of organizations that have had a breach affecting 500 or more individuals. The list includes the name of the organization, the date of the breach, the approximate number of individuals affected, the type of breach...