The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close...more
Additional States Implement Notice Requirements for Healthcare Transactions - In a prior blog post, we noted the trend of states enacting legislation implementing reporting requirements for certain healthcare transactions....more
The World Health Organization (WHO) recently published “Ethics and Governance of Artificial Intelligence for Health: Guidance on large multi-modal models” (LMMs), which is designed to provide “guidance to assist Member States...more
On December 8, 2023, New York Attorney General Letitia James penned her approval to an Assurance of Discontinuance with third-party dental administrator Healthplex, settling the enforcement action for $400,000 and a litany of...more
On November 17, 2023, the Cybersecurity & Infrastructure Security Agency (CISA) released a supplemental mitigation guide for the healthcare and public health sector to the Cyber Risk Summary for those sectors published on...more
On November 13, 2023, Governor Kathy Hochul released proposed cybersecurity regulations applicable to all hospitals located within the state of New York. The Governor has included $500 million in grant funding in her FY24...more
11/17/2023 / Cybersecurity, Data Protection, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, New York, Patient Privacy Rights, PHI, Proposed Regulation, Regulatory Agenda, Regulatory Reform
On October 30, 2023, President Biden issued the “Executive Order on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence” (AI EO), which has specific impacts on the healthcare industry. We detailed...more
The healthcare industry, like all industries, is experimenting with AI tools. As we have commented before, the legal issues that are present with the use of AI tools apply to all industries and consideration should be given...more
On August 15, 2023, the Joint Commission issued a Sentinel Event Alert entitled “Preserving patient safety after a cyberattack,” which provides “tips on what organizations can do to prepare to deliver safe patient care in the...more
9/8/2023 / Cyber Attacks, Cyber Crimes, Cybersecurity, Data Breach, Data Protection, Data Security, Health Care Providers, Healthcare, Information Technology, Patient Privacy Rights, Ransomware, The Joint Commission
On July 20, 2023, the Federal Trade Commission and the Department of Health and Human Services issued letters to hospitals and telehealth providers “about the privacy and security risks related to the use of online tracking...more
Nevada Governor Joe Lombardo recently signed into law a sweeping and restrictive consumer health data privacy law that requires covered entities (defined as any person who conducts business in the state or produces or...more
7/10/2023 / Consumer Privacy Rights, Data Management, Data Privacy, Data Protection, Data Security, Electronic Protected Health Information (ePHI), Health Care Providers, Healthcare, Nevada, New Legislation, Personal Data, State Data Privacy Laws
New York Attorney General Letitia James announced on March 27, 2023 that she had levied a fine against law firm Heidell, Pittoni, Murphy & Bach LLP for failing to secure personal and health information of clients exposing the...more
3/30/2023 / Cybersecurity, Data Breach, Data Management, Data Protection, Data Security, Electronic Protected Health Information (ePHI), Enforcement Actions, Fines, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, Legal Representatives, New York, PHI, State Attorneys General
HIPAA requires that covered entities notify the Office for Civil Rights (OCR) of any breaches of unsecured protected health information that affect fewer than 500 individuals in a calendar year within 60 days following the...more
2/24/2023 / Data Breach, Electronic Protected Health Information (ePHI), Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, HIPAA Breach Notification Rule, OCR, PHI, Regulatory Requirements, Reporting Requirements, Statutory Deadlines
The Federal Trade Commission (FTC) announced on February 1, 2023 that it has settled, for $1.5M, its first enforcement action under its Health Breach Notification Rule against GoodRx Holdings, Inc., a telehealth and...more
2/3/2023 / Data Management, Data Privacy, Data-Sharing, Enforcement Actions, Federal Breach Notification Standard, Federal Trade Commission (FTC), Healthcare, PHI, Prescription Drugs, Settlement Agreements, Targeted Digital Advertising, Telehealth
CYBERSECURITY - Nineteen States Have Banned TikTok on Government-Issued Devices - Governors of numerous states have issued Executive Orders in the past several weeks banning TikTok from government-issued devices and...more
12/23/2022 / China, Coronavirus/COVID-19, Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Data Protection, Diagnostic Tests, Hackers, Healthcare, Infectious Diseases, Scams, TikTok, Vulnerability Assessments
The federal government has implemented a program in which each household can order four free COVID-19 test kits through the United States Postal Service (USPS). This is a perfect opportunity for scammers to spoof the USPS...more
12/22/2022 / Coronavirus/COVID-19, Data Collection, Healthcare, Infectious Diseases, Internet, Online Platforms, Scams, USPS, Virus Testing, Vulnerability Assessments, Websites
The Health Care Sector Cybersecurity Coordination Center (IC3) recently released an Analyst’s Note to health care organizations providing information on a new variant of ransomware called Venus (also known as GOODGAME)....more
The Cybersecurity & Infrastructure Security Agency, the FBI and the U.S. Department of Health & Human Services released a Joint Advisory last week warning organizations, particularly those in the health care and public health...more
11/4/2022 / Cyber Attacks, Cyber Threats, Cybersecurity, Data Privacy, Data Protection, Department of Health and Human Services (HHS), FBI, Healthcare, Homeland Security Cybersecurity & Infrastructure Security Agency (CISA), Joint Statements, Public Health, Ransomware, Vulnerability Assessments
CYBERSECURITY - Hackers Experimenting with Deploying Destructive Malware - It’s a cold, hard fact that hackers don’t really care about their victims or their victims’ data or business. They are greedy, evil human...more
9/30/2022 / California Consumer Privacy Act (CCPA), Cyber Attacks, Cybersecurity, Data Breach, Data Privacy, Dobbs v. Jackson Women’s Health Organization, Hackers, Healthcare, Identity Theft, Location Data, Malware, Online Safety for Children, Patient Access, Ransomware, Samsung
In response to Dobbs v. Jackson Women’s Health Organization, California Governor Gavin Newsom recently signed AB 1242 into law, which “prohibits law enforcement and California corporations from cooperating with out-of-state...more
9/29/2022 / Abortion, Data Privacy, Dobbs v. Jackson Women’s Health Organization, Document Requests, Electronic Communications, Healthcare, Investigations, Law Enforcement, Location Data, New Legislation, Pregnancy, Reproductive Healthcare Issues, Roe v Wade, SCOTUS, Search Warrant
The FBI issued a Private Industry Notification targeted to the health care sector on September 12, 2022, warning that it has “identified an increasing number of vulnerabilities posed by unpatched medical devices that run on...more
On August 23, 2022, the Office for Civil Rights (OCR) issued a press release announcing that it had settled with New England Dermatology, P.C. (NED) for $300,640 “over the improper disposal of protected health information.” ...more
Boise State Public Radio has reported that the Idaho Health Data Exchange (IHDE) filed for Chapter 11 bankruptcy on August 12, 2022. IHDE is a not-for-profit organization that was launched in 2009 to provide access to patient...more
CYBERSECURITY - Joint Advisory Warns of MedusaLocker Ransomware - A recently-issued joint advisory by the FBI, the Cybersecurity and Infrastructure Security Agency, the Financial Crimes Enforcement Network, and the...more
According to the 2022 State of Ransomware Report issued recently by Sophos, it surveyed 5,600 IT professionals from 31 countries, including professionals in the health care sector. Those professionals in the health care...more
6/29/2022 / Cyber Attacks, Cybersecurity, Data Breach, Electronic Medical Records, Hackers, Health Care Providers, Health Insurance Portability and Accountability Act (HIPAA), Healthcare, HIPAA Breach, Identity Theft, Information Technology, PHI, Popular, Ransomware, Risk Mitigation, Vulnerability Assessments