An all-too-common type of data security mistake – a misconfigured IT setting – has landed a Puerto Rico-based clearinghouse and cloud software services provider at the top of federal regulators’ list of largest health data breaches so far this year, in an incident impacting nearly 1.6 million individuals.
Laid Off Worker Pleads Guilty in Medicaid Incident | Former Employee at Contractor Damaged Oregon Medicaid System After Losing Job
A former Hewlett Packard Enterprise worker has pleaded guilty in federal court to intentionally damaging an Oregon Medicaid system and causing it to fail a few days after he was laid off by the vendor.
The Department of Health and Human Services reduced its fines for violations of HIPAA — the law requiring health care industries to protect customer data, according to a notice this week in the Federal Register. Driving the news: The new rules reduce a maximum fine of $1.5 million to a maximum fine of $250,000.
The Department of Health and Human Services is lowering its top fines for less egregious HIPAA violations. Meanwhile, it’s pledging to make a “big push” to enforce patients’ right to access their health records. HHS will keep its revised interpretation of the HITECH Act penalty caps in mind “for all enforcement operations,” says Roger Severino, director of the HHS Office for Civil Rights, which enforces HIPAA.
Cybercriminals stole the health records of more than 9 million Americans last year, according to data from U.S. Health and Human Services. The data collected includes breaches from hospitals, health insurers and other health organizations covered by the Health Insurance Portability and Accountability Act, which makes breaches public when they affect more than 500 people.
New research from the Clearwater Cyber Intelligence Institute finds that laptop computers continue to present a substantial data security risk for the healthcare industry. Clearwater operates a database that holds millions of risk records from hospitals, delivery systems, and business associates. Data mining and informatics teams at the firm use analytics to identify common security weaknesses in provider organizations, insurance companies, and other entities.
Hospitals and health systems are continuing to struggle with laptop vulnerabilities, caused primarily by endpoint data loss, excessive user permissions, and dormant accounts, according to new findings from Clearwater CyberIntelligence Institute. In fact, 70 percent of all high and critical risk scenarios for laptop vulnerabilities were caused by those risk areas. CCI researchers analyzed data from Clearwater’s proprietary database, which is exclusively focused on cybersecurity risks to hospitals, Integrated Delivery Networks, and business associates.
One of the critical information governance (IG) functions is successful execution of an organization’s privacy and security responsibilities. Chief among these responsibilities is to conduct an accurate and thorough assessment of the potential risks and vulnerabilities to the confidentiality, integrity, and availability of electronic protected health information (ePHI). This assessment is a foundation upon which other security processes will depend. Poor or non-existent risk analysis processes have been a finding in 89 percent of settlement agreements and civil money penalties imposed by the US Department of Health and Human Services’ Office for Civil Rights (OCR). In 2018 alone, the cost was over $24 million for organizations that failed to implement effective risk analysis or risk management processes.
Clearwater Partners with NSA Centers of Academic Excellence To Advance Cyber Defense Education Company’s IRM|Pro Software Prepares Students to Meet […]
Clearwater, a top-ranked provider of healthcare cyber risk software and consulting services, today announced the appointment of Cathie Brown as Vice President, Professional Services. Ms. Brown brings more than 30 years of experience in healthcare, health information technology, health information security and consulting.
In the first half of 2019, there were 223 reported breaches affecting 10.2 million individuals, an increase of 167% over the same period in 2018. These figures do not include the widely publicized American Medical Collection Agency breach, which is estimated to have affected at least 22 million individuals on its own.
In the case of American Medical Collection Agency’s (AMCA) highly publicized data breach, the cost proved unrecoverable as the 42-year-old parent company Retrieval-Masters Credit Bureau filed for bankruptcy just weeks after disclosing the breach.
Organizations should calculate the risk of a data breach, not only for covered entities but also for their business associates. A breach of your patient data will affect your organization, even if it’s by a business associate.
Many Chief Information Security Officers and Chief Compliance Officers often express concern to us about the potential disruption and cost that can come from an Office for Civil Rights (OCR) investigation, not to mention the reputational damage that will result from a settlement or monetary penalty. An appearance on the wall of shame is a mere blemish compared to the negative publicity of an OCR fine or settlement. However, the possibility of a State Attorney General (AG) action is often underestimated and overlooked. If a State AG enforcement is not top of mind for you and your board, it should be.