Security

The 28-hospital Indian Health Service has failed a mock cyberattack conducted by HHS' Office of Inspector General after its computer network was discovered to have "high risk" vulnerabilities.

While the U.S. continues digitizing its healthcare industry, a huge challenge is arising: not only securing those systems but verifying identities. With a steady stream of HIPAA-covered data breaches continuing over the past few years, some argue that current identity security approaches just aren't adequate.

If you're in charge of a healthcare organization's data privacy and security, listen up. You now have a new, valuable resource at your fingertips.

In the first settlement of its kind, Skagit County, Washington will pay the Department of Health and Human Services $215,000 to make up for deficiencies in its HIPAA compliance program.

In a year where "compliance and enforcement is really where the action is going to be," it might help to have some advice on how to keep on the right side of patient privacy law.

HIPAA "has seen a lot of action lately," said Susan McAndrew, deputy director for health information privacy at the Department for Health and Human Services' Office For Civil Rights, at HIMSS14 on Monday.

Protecting your hospital's data is no longer just about managing the systems inside your enterprise. Changes being considered in federal privacy regulations are prompting the legal counsel at many hospitals to begin looking at the security policies of contractors and even sub-contractors.

Who's responsible when a medical device breaks down or is hacked -- the manufacturer who made it or the healthcare provider who's using it?

The findings of a new HIMSS healthcare security report have been released, and the data may surprise you.

IT security is complicated, made even more so by the dynamic nature of technology and the ever challenging threat landscape. It may be best to think of IT security as a chronic illness, a condition that requires ongoing treatment, testing, and re-evaluations.