Privacy & Security

 Fifty-three percent of medical devices have vulnerabilities known to cybercriminals, says Mark Bowling of ExtraHop.

All but one hospital were imposed with fines per violation of the Personal Information Protection Act.

In its new survey report and implementation guide, the initiative said both HIPAA covered entities and vendors see the legacy TPRM process as a productivity drain, demonstrating a need to create norms around inherent risk and vendor tiering.

Healthcare and life sciences are facing the need to create a secure, continuous and integrated research platform across converging and often disparate systems.

Edward Yurcisin, chief technology officer at the NCQA, says the organization is using its open-source CQL engine to digitize HEDIS measures and others to improve the quality of healthcare in the U.S. and internationally with FHIR.

Healthcare organizations need a strong cyber threat intelligence program to understand risk and harden their security posture.

HIPAA covered entities should be proactive, requiring notification of any security incident – not just breaches – in their business agreements, says Michelle Garvey Brennfleck, healthcare corporate and regulatory shareholder at Buchanan Ingersoll & Rooney PC.

The agencies contacted 130 health systems and telehealth providers by mail to emphasize the potential HIPAA risks of using Meta/Facebook pixel and Google Analytics tracking tools that may be "impermissibly disclosing" protected health information.

Steven Ramirez, CISO at Renown Health, and Steve Cagle, CEO at Clearwater, talk about the top cyber threats to healthcare and how vendors and providers – as evidenced by their long-term partnership – can work together for better risk management.

Threat actors are using artificial intelligence for both designing and executing attacks on hospitals and health systems. HC3 used ChatGPT to show how bad actors leverage generative AI to design spear-phishing emails and malware.