According to Jim Trainor, deputy assistant director of the FBI Cyber Division, “Major intrusions into healthcare providers’ computer systems now are happening at the pace of two or three a day.”
The largest healthcare data breach to date involved the insurance giant Anthem, in which about 80 million patient records were compromised. The cost of cleaning […]
Traditional approaches to patient safety and healthcare information security will need to evolve to address today’s emerging threats. The current risk environment for hospitals and healthcare organizations is changing quickly and includes a wide spectrum of threats — ranging from traditional intrusions designed to steal protected health information (PHI) to more novel and emerging attacks, […]
The Office for Civil Rights (“OCR”) released guidance on July 11, 2016 regarding ransomware and HIPAA. This guidance outlines activities supported by HIPAA that will assist Covered Entities and Business Associated in either preventing or quickly responding to ransomware attacks. To illustrate, the guidance calls for:
Implementing a security management process, including conducting a risk analysis […]
Centers for Medicare and Medicaid Services (CMS) says Meaningful Use (MU) will live on in MACRA. If you thought Stage 3 of the Electronic Health Record (EHR) Incentive Program was being consigned to the regulatory ether given the newly proposed Medicare Access and CHIP Reauthorization Act of 2015 (MACRA) rule, time for some new thinking.
CMS […]
Typically, when hospitals declare emergencies, it’s for incoming patients—not their own internal computer systems. But, in March 2016, Methodist Hospital in Henderson, Kentucky, declared an emergency.
After being hit by a ransomware infection, the hospital placed a scrolling red alert on its homepage stating: “Methodist Hospital is currently working in an Internal State of Emergency due […]
On July 27th, 2016, OCR HIPAA investigator will share insider’s view of Office for Civil Rights (OCR) Phase 2 Audit readiness
OCR allows 10 days to respond to a Phase 2 audit request. Are there still gaps in your HIPAA compliance program?
Similar to Phase 1, the Phase 2 audit protocol includes a comprehensive review of […]
Not Just Another Pretty Face!
Within a few weeks, Clearwater will be unveiling new versions of our IRM|Analysis™, IRM|Security™, and IRM|Privacy™ software products designed with enhanced workflow and streamlined efficiency in mind.
The abundance of content and features contained within our suite of advanced, powerful software tools have evolved to the point that we wanted to provide […]
Who’s Responsible for Cybersecurity? Industry Searches for Clear Answers
We’re now living in what has been called the “era of the mega breach.” Globally, businesses are estimated to lose $445 billion annually due to cybercrime, according to the Center for Strategic and International Studies. What’s more, the overall threat landscape has evolved significantly with respect to […]
Guest post contributed by: Kamal Govindaswamy CISSP, CIPP/US, CCSP Principal, RisknCompliance Consulting Group
I have written my opinion about HITRUST CSF/RMF and the HITRUST certification mandate starting with my first open letter to the HITRUST Alliance last fall, and subsequently – second and third letters.
More recently, I have been thinking about an alternative approach to […]
A proposed bill to establish the Chief Information Security Officer (CISO) as an organizational peer to the Chief Information Officer (CIO) at the Department of Health and Human Services (HHS) will drive cybersecurity concerns to the top of the list. If the bill passes, the CISO would have clear separation of duties from the CIO […]
