Vendors should be more transparent and faster in communicating when they experience a breach or other security incident that affect clients' data, says Anahi Santiago, CISO at ChristianaCare. "Sometimes we find out about these incidents through our third-party monitoring systems," she said.
Effective security governance in a healthcare entity is a balancing act that requires sponsorship by top leadership and careful consideration of the concerns of clinicians and others in the organization, according to Eric Liederman and deputy CISO Steven Frank of Kaiser Permanente.
An online alcohol abuse counseling service is notifying about 109,000 clients of a data breach involving the company's prior use of tracking tools on its websites dating back to 2017. The breach affects members of Monument Inc. and Tempest, a counseling service acquired in May 2022.
Federal regulators have issued proposed changes to the HIPAA privacy rule aimed at protecting reproductive healthcare information from disclosures or uses involving law enforcement and related purposes in the wake of the Supreme Court last year overturning Roe v. Wade.
Federal regulators have issued new rules aimed at securing certified healthcare software, helping patients decide which records to keep private, and protecting data used by AI and predictive tools. The 556-page proposed rule seeks to promote innovation and data sharing while tightening security.
Regulators are scrutinizing the use of website tracking codes and analytics such as Meta Pixel and Google Analytics. Health entities must carefully assess how those tools are being used on their health-related websites, say privacy attorneys Cory Brennan of Taft and Mark Swearingen of Hall Render.
A former U.S. Army physician set to go to trial next month in a case alleging a scheme to provide military medical records to the Russian government contends they will not get a fair trial unless they are tried separately from their alleged co-conspirator spouse.
A Florida-based community healthcare system has begun notifying about 20,000 individuals whose information was compromised in a data security incident that prompted the organization to operate under its IT downtime procedures, including diverting some emergency patients, for two weeks in February.
Three healthcare organizations joined the list of entities treating past use of tracking technologies in patient websites as a data breach reportable to federal authorities. The entities admitting such incidents are New York-Presbyterian Hospital, UC San Diego Health and Brooks Rehabilitation.
The DC Health Benefit Exchange Authority - the online health insurance marketplace servicing Washington, D.C., residents and congressional staff - is facing two proposed class action lawsuits in the aftermath of a hack that affected more than 56,400 individuals, including members of Congress.
An Alabama cardiovascular clinic is facing a proposed class action lawsuit filed by one of the nearly 442,000 individuals affected by a data exfiltration breach reported last month. The lawsuit seeks a detailed list of security improvements by the clinic and 10 years of court compliance monitoring.
In the latest weekly update, ISMG editors discuss how the Silicon Valley Bank crash will affect innovation in the cybersecurity space, why the SEC fined cloud provider Blackbaud $3 million for its "erroneous" breach details, and why the feds fined a web hosting firm in a kids' insurance site hack.
A vendor of clinical and third-party administrative services to managed care organizations and healthcare providers serving elderly and disabled patients said a cybersecurity incident last summer has affected more than 4.2 million individuals.
A Florida company will pay nearly $300,000 to settle allegations stemming from a 2020 hacking incident that revealed the personal identifying information of hundreds of thousands of minors. The settlement with Jelly Bean Communications Design is part of a federal crackdown on lax cybersecurity.
A cancer patient whose partially naked exam photos and personal data were stolen and subsequently posted on a ransomware leak site last month filed a proposed class action lawsuit, alleging that Lehigh Valley Health Network's refusal to pay the ransom "prioritized money over patient privacy."
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.asia, you agree to our use of cookies.
