Privacy & Security

Groups hit with record $4.8M HIPAA fine
By Erin McCann | 09:26 am | May 08, 2014
To those shirking their HIPAA privacy and security duties: get ready to pay up. That's the message the Department of Health and Human Services is sending after it set records Wednesday for imposing the largest HIPAA monetary fine to date on two entities found to be seriously lacking in the security arena.
Interoperability beyond doom or gloom
By Diana Manos | 11:10 am | May 06, 2014
HIE among U.S. non-federal acute care hospitals has been trending upward since 2008, in fact, and it took some major leaps forward in 2013.
IE flaw ushers risky new era for XP use
By Mike Miliard | 12:10 pm | May 01, 2014
When even the Department of Homeland Security is warning against using Internet Explorer, it's a safe bet its security flaws are serious. But for many healthcare providers -- notably those still running on Windows XP -- IE's recently-exposed vulnerabilities won't be fixed by Microsoft.
Vendor sacked for HIPAA breach blunder
By Erin McCann | 11:31 am | May 01, 2014
Can a subcontractor expect to keep the job after accidentally posting protected health information of some 15,000 patients online? A Boston teaching hospital says, "definitely not."
CISO's biggest fear: 'what I don't know'
By Mike Miliard | 12:22 pm | April 29, 2014
Healthcare security is a multifaceted, ever-shifting challenge -- and all it takes is one missed cue for a costly breach to ensue, says Heather Roszkowski, chief information security officer of Fletcher Allen Healthcare. Technology can give a broader view of where data is, and who's doing what with it.
Hacker group strikes Boston Children's
By Erin McCann | 08:08 am | April 25, 2014
The Boston Children's Hospital has found itself the target of multiple cyberattacks throughout the past week, reportedly with the renowned hacker group Anonymous at the center of it.
Stolen laptops mean $2M in mega fines
By Mike Miliard | 11:27 am | April 23, 2014
Serving notice that "covered entities and business associates must understand that mobile device security is their obligation," the HHS Office for Civil Rights has settled with two organizations for a combined $1,975,220 penalty after their unencrypted computers were stolen.
Healthcare security stuck in Stone Age
By Erin McCann | 12:05 pm | April 22, 2014
Healthcare has a few things to do differently in the privacy and security arena -- one of them being: Start taking it seriously. This according to Verizon's annual breach report.
UPMC breach strikes 27,000 employees
By Bernie Monegain | 11:59 am | April 21, 2014
UPMC officials say the number of employees affected by a data breach at the renowned medical center is much higher than originally reported -- rising from 322 employees first disclosed on March 6, now up to 27,000 out of a total of 62,000 employees.
Why does healthcare resist encryption?
By Evan Schuman | 09:51 am | April 17, 2014
The most basic security truth in 2014 is that encryption done properly -- a high enough level of encryption, proper safeguarding of the encryption key -- is the best thing an IT department can do. Sill, many industries resist encryption, and healthcare is arguably the most strident.