News & Analysis as of

Business Associates Cyber Attacks

Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as... more +
Business Associates can refer broadly to individuals engaged in business relationships with one another. However, in the HIPAA context, the term has a specific statutory meaning and those characterized as business associates have expanded data protection obligations and duties. Essentially, a business associate under HIPAA is a person or entity that performs certain functions or services which necessitates exposure to protected health information on behalf of a covered entity. Typical business associate functions include: claims processing or administration, data analysis, billing, etc.    less -
Dentons

Ep. 19 - What to Do When Your Business Associate Suffers a Ransomware Attack

Dentons on

The healthcare industry remains a popular target for ransomware attacks. If you haven’t been impacted by a ransomware attack, it’s likely only a matter of time before someone you do business with or buy services from is...more

Fisher Phillips

Insider Threats to Healthcare Data: What You Need to Know and 5 Steps You Can Take Now

Fisher Phillips on

Healthcare data breaches are occurring more frequently and on larger scales than ever before – and while you defend against cyberattacks and other external threats, make sure you do not overlook the critical role your...more

Health Care Compliance Association (HCCA)

‘I Will Not Rest’; ‘I Am All In’: Remarkable Breach Hearing Sees Pledges by UHG CEO, Sen. Wyden

Health Care Compliance Association (HCCA) on

United Healthcare Group (UHG) CEO Andrew Witty was in a board meeting on Feb. 21 when officials interrupted with the news that Change Healthcare—a clearinghouse UHG subsidiary Optum had purchased for $1.3 billion in October...more

Bricker Graydon LLP

HHS Issue Six Figure Penalty for Ransomware Attack

Bricker Graydon LLP on

Late last year, the Department of Health and Human Services (HHS) issued its first HIPAA settlement agreement involving a ransomware attack. In the press release announcing the settlement, HHS stated that they began...more

Saul Ewing LLP

Business Associate Agrees to $100,000 Settlement Following Cyber Attack

Saul Ewing LLP on

On Halloween, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR) announced a $100,000 settlement under the Health Insurance Portability and Accountability Act (HIPAA) with Doctors’...more

Health Care Compliance Association (HCCA)

2022 Outlook: More Dangerous Ransomware Coupled With Inadequate Security Practices

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more

Health Care Compliance Association (HCCA)

Facing Escalating Attacks, AHA Presses OCR to Expedite Security Practices Rule

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 21, no. 12 (December, 2021) - Amid the letters of congratulations to new HHS Office for Civil Rights (OCR) Director Lisa Pino is a plea from the American Hospital Association (AHA): “victims” of...more

Health Care Compliance Association (HCCA)

Compliance Refresher: Get Cozy With IT Folks, Review Insurance, Fine-Tune Policies, Training

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 21, no. 11 (November, 2021) - Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...more

Health Care Compliance Association (HCCA)

FBI: More Awareness, Due Diligence Needed To Fight China in New ‘Space Race’ for Data

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 21, no. 10 (October, 2021) - Conducting a risk analysis is a basic tenet of security compliance, with the overarching goal of understanding where protected health information (PHI) “lives” in an...more

Robinson+Cole Data Privacy + Security Insider

Cyber Criminals Focusing on Clinics + Business Associates

Robinson+Cole Data Privacy + Security Insider on

As hospital systems become more hardened to cyber-attacks, cyber criminals are focusing their efforts on smaller providers, such as outpatient clinics, specialty clinics and business associates, according to a report by...more

Health Care Compliance Association (HCCA)

Nick Culbertson on Compliance Breaches in Healthcare

Health Care Compliance Association (HCCA) on

Preventing data breaches is a critical task for all businesses these days, but it’s especially so in healthcare. No one wants to see health information disclosed, and the risks of a ransomware attack are enormous, literally...more

Health Care Compliance Association (HCCA)

Security Threats Soar From Nation-State Bad Actors as the New Year Gets Underway

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 18, no. 1 (January 2021) - Security threats to health care entities will continue to escalate in 2021, as bad actors with significant capabilities target pandemic-weary organizations still...more

Pillsbury Winthrop Shaw Pittman LLP

Despite COVID-19 Challenges, No Extension of Form CRS Compliance Date for Investment Advisers

Pillsbury Winthrop Shaw Pittman LLP on

On April 7, 2020, the staff of the Office of Compliance Inspections and Examinations (OCIE) issued a risk alert (Alert) informing investment advisory firms of the potential areas of focus for Form CRS-related examinations. In...more

Health Care Compliance Association (HCCA)

Report on Patient Privacy Volume 20, Number 2. Privacy Briefs: February 2020

Health Care Compliance Association (HCCA) on

Report on Patient Privacy 20, no. 2 (February 2020) - A ruling from Georgia’s highest state court could set a precedent that determines recourse for victims of cyberattacks. The Georgia Supreme Court ruled in late December...more

Fox Rothschild LLP

HIPAA Security And “Zero Day” Exploits: How To Stay Ahead Of The Hack

Fox Rothschild LLP on

HHS Office for Civil Rights (OCR)’s April 3, 2019 cybersecurity newsletter highlights one of the more challenging cybersecurity vulnerabilities faced by covered entities and business associates. OCR reminds covered entities...more

Baker Donelson

More Help for Health Care Organizations: HHS Releases Voluntary Cybersecurity Practices Developed with Industry Input

Baker Donelson on

On Friday, December 28, 2018, the Department of Health and Human Services (HHS) released several documents, including the "Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients," an...more

Poyner Spruill LLP

Five Takeaways from the OCR Reminder on HIPAA Obligations In Ransomware Incidents

Poyner Spruill LLP on

Apparently prompted by the recent high-profile wave of ransomware attacks, the Department of Health and Human Services’ Office of Civil Rights (OCR) has reminded hospitals, healthcare systems, and other covered entities and...more

Latham & Watkins LLP

How Can Healthcare Organizations Prepare for the Next Cyberattack?

Latham & Watkins LLP on

HHS OCR issues checklist, iterative guidance in wake of WannaCry and Petya attacks; Anthem breach settlement provides additional lessons. Key Points: ..Healthcare organizations are particularly vulnerable to ransomware...more

Tucker Arensberg, P.C.

HHS Publishes Health Care Cyber Attack Checklist

Tucker Arensberg, P.C. on

HHS has published a very brief guide, in the form of a checklist, to explain the steps for a HIPAA covered entity or business associate to take in response to a cyber related security incident. You can access the checklist at...more

Balch & Bingham LLP

My Entity Just Experienced a Cyber-Attack! What Do We Do Now?

Balch & Bingham LLP on

On June 9, 2017, the U.S. Department of Health and Human Services (HHS), Office of Civil Rights (OCR) released a cyber-attack “Quick Response” checklist (the Checklist) for the benefit of HIPAA covered entities and business...more

Mintz - Health Care Viewpoints

OCR Publishes Checklist and Infographic for Cyber Attack Response

Mintz - Health Care Viewpoints on

OCR released a simple checklist and infographic last week to assist Covered Entities and Business Associates with responding to potential cyber attacks. As cybersecurity remains a pressing concern for health care entities,...more

Mintz - Privacy & Cybersecurity Viewpoints

A New FBI Warning for Healthcare Providers

Mintz - Privacy & Cybersecurity Viewpoints on

The FBI has issued new guidance specifically applicable to medical and dental facilities regarding the cybersecurity risk of File Transfer Protocol (“FTP”) servers operating in “anonymous” mode. FTPs are routinely used to...more

Robinson+Cole Data Privacy + Security Insider

UMass Amherst Settles HIPAA Violations with OCR for $650,000

Robinson+Cole Data Privacy + Security Insider on

The Office for Civil Rights (OCR) has announced that the University of Massachusetts Amherst (UMass) has agreed to settle an investigation against it as a result of a malware infection for $650,000, along with implementing a...more

Robinson+Cole Data Privacy + Security Insider

OCR Alerts Listservs About Fake Phishing Email to Covered Entities and Business Associates

Robinson+Cole Data Privacy + Security Insider on

On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels”...more

Parker Poe Adams & Bernstein LLP

OCR Issues Guidance on Ransomware Attacks and Determining Whether a Reportable HIPAA Breach Exists

Parker Poe Adams & Bernstein LLP on

The Office of Civil Rights (“OCR”) has issued new guidance in connection with an increase of malicious cyberattacks, namely ransomware attacks on healthcare organization’s computer systems. Ransomware is a defined by HHS as a...more

35 Results
 / 
View per page
Page: of 2
Next »

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide