Are you vulnerability to these attacks?
The Importance of Patching
Most of us know about patch Tuesday - the second Tuesday of every month is when Microsoft releases its software patches. Most IT companies either manually update client systems or have them set to run automatically.…
Your EHR is failing you for HIPAA compliance
EHR & HIPAA
A recent report published by Cynergistek presented data showing less than half of the nation's healthcare institutions comply with the National Institute of Standards and Technologies (NIST) Cybersecurity Framework (CSF).…
Your apps are your security enemy. Here’s what we’ve recently discovered.
EULA, YOU, and HIPAA
What do End User License Agreements and HIPAA have to do with each other? According to recent discoveries, a heck of a lot. It turns out apps like Meta's Facebook and Messenger, Instagram, Tik Tok, and others, are mining…
Will we see reduced HIPAA fines
Are reduced HIPAA fines on the way?
In 2019 we wrote an OCR letter that discussed the possible reduction of HIPAA fines. We were all for it - read about it here - OCR Caps HIPAA FInes.
It looks like OCR is ready to change the annual fee structure.…
New HIPAA guidance is on the way, here’s the good and the bad.
New HIPAA Guidance
Years ago, at a HIPAA conference in DC hosted by NIST, they announced an update to 800-66 would be coming. Almost 10 years later, we now have a draft copy of this paper - 800-66r1. Why is this significant? 800-66 was the…
OCR announces 11 more HIPAA ROA violations
Eleven more fines, are you next?
OCR recently announced that 11 more entities were fined for failing to provide timely access to patient records following a patient complaint. This list included mental health practitioners, dentists, and more.…
HIPAA and your password policy – are you compliant?
HIPAA and your password.
Thanks to NIST, who in 2017 changed their recommended password policy in publication 800-63B, the change/do not change debate has been ongoing. If you aren't familiar with the publication, here's a short news video…
The lawsuits are flowing in the MCG Health breach. Here’s why it’s bad for you.
Vendor Risk
MCG Health is a health information services company providing clinical guidelines to hospitals and other care facilities nationwide. They recently reported a breach that had occurred back in 2020, and already lawsuits from their…
Facebook is collecting your health information. Should you care?
Facebook is bad for your health!
A report published this week by the website Newsbusters revealed some disturbing information about Facebook. The news organization ran a battery of tests against 100 US hospitals and discovered a third of them…
Get ready for major HIPAA changes
HIPAA Changes Ahead
In January of 2021, we reported on an amendment to the HITECH act by congress that intended to advance HIPAA compliance and enforcement. The idea was to incentivize Covered Entities to adopt best practices for cybersecurity…
The hospital attack that wasn’t
How Boston Children's dodged an attack
This past week the FBI released details on a cyberattack against Boston Children's Hospital in November of last year. Prior to the attack, CISA and others sent alerts out to the healthcare community warning…
HIPAA Breaches Running at Record Rate
HIPAA Breaches and You
In the past 12 months, we've averaged over 3.3 million breached healthcare records per month. Aside from the breach of confidentiality this represents, the information in those records is used for financial fraud,…
Hey, what’s your password? The Dark Web knows
Creating Better Passwords
To make passwords "strong," they must be both unique and lengthy (at least 12 characters).
Generally, people are pretty bad at creating passwords that fit either category (much less both). You could let a computer…
HIPAA Fines Show How You Are Failing
HIPAA violations are on the rise.
Although we didn't hear too much about breach-related HIPAA violations during the pandemic, incidents were occurring, and the violations are now being pursued and published. The result is a steady stream of…
OCR is soliciting feedback on pending changes
OCR is making HIPAA changes, are you ready?
Earlier today the Office for Civil Rights (OCR) issued a Request For Information to its constituents (that's us) soliciting feedback for potential changes in two areas. The first area relates to cybersecurity,…
Critical Google and Microsoft updates
Critical Update Alert
Recently Microsoft and Google released a critical security update to their browsers. Since you likely use these browsers in your environment, you need to ensure that they stay up to date. Below we have included sets…