Tag: HIPAA
-
HSCC Urges White House to Shift Gears on Health Cyber Regs
by
in SecurityNewsThe Health Sector Coordinating Council is urging the Trump administration to drop work on a proposed HIPAA security rule update and instead engage in a collaborative dialogue with healthcare sector leaders to create alternative cyber requirements, said Greg Garcia, executive director of HSCC. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/hscc-urges-white-house-to-shift-gears-on-health-cyber-regs-i-5472
-
RFK Jr. Cuts at HHS Affect HIPAA, Cyber Response Units
by
in SecurityNewsHHS Laying Off 10,000 More People, Consolidating Divisions, Shifting Priorities. The U.S. Department of Health and Human Services announced a major restructuring and workforce reductions on Thursday. The changes disclosed so far include reshuffling units of HHS involved in healthcare sector cybersecurity response activities and HIPAA regulatory work. First seen on govinfosecurity.com Jump to article:…
-
Fitness Firm Pays Feds $228K in Misconfiguration Breach
by
in SecurityNewsSettlement Is 5th HIPAA Enforcement Action Under HHS’s OCR Risk Analysis Initiative. An Illinois-based firm that provides fitness and wellness plans to clients throughout the U.S. has agreed to pay federal regulators a settlement of nearly $228,000 and implement a corrective action plan following an IT misconfiguration incident caused several breaches in late 2018 and…
-
HHS OCR Launches New Round of HIPAA Compliance Audits
by
in SecurityNewsAudits Focus on HIPAA Security Rule Provisions Related to Ransomware, Hacking. Federal regulators have quietly resumed compliance audits of HIPAA-regulated organizations. With the surge in ransomware and other hacks reported in recent years, the focus of the audits are on provisions of the HIPAA security rule most relevant to these attacks, said a government official.…
-
Why Continuous Compliance Monitoring Is Essential For IT Managed Service Providers
by
in SecurityNewsRegulatory compliance is no longer just a concern for large enterprises. Small and mid-sized businesses (SMBs) are increasingly subject to strict data protection and security regulations, such as HIPAA, PCI-DSS, CMMC, GDPR, and the FTC Safeguards Rule. However, many SMBs struggle to maintain compliance due to limited IT resources, evolving regulatory requirements, and complex security…
-
HHS Investigators Get New Mission Under Trump: Root Out DEI
by
in SecurityNewsStretched Agency Must Balance HIPAA Enforcement With Policing DEI in Healthcare. HHS investigators charged with protecting the civil rights and privacy of patients are now assigned to finding and stamping out diversity, equity and inclusion programs at universities and hospitals, with DEI now deemed discriminatory under the Trump administration. First seen on govinfosecurity.com Jump to…
-
Mangelhafte Cybersicherheit im Gesundheitswesen
by
in SecurityNews
Tags: access, ai, chatgpt, compliance, cyberattack, cyersecurity, data, endpoint, exploit, HIPAA, insurance, ransomware, resilience, risk, service, usa, vpn, vulnerability, vulnerability-management, windows15 Prozent der Endgeräte im Gesundheitssektor haben keine oder nicht-übereinstimmente Sicherheits- und Risikokontrollen.Laut dem aktuellen Horizon Report 2025 wurden im Jahr 2024 weltweit 183 Millionen Patientendaten kompromittiert. Das ist ein Anstieg von neun Prozent im Vergleich zum Vorjahr. Doch weshalb fällt es für Gesundheitseinrichtungen so schwer, sich ausreichend vor Ransomware-Angriffen zu schützen?Um das herauszufinden, hat…
-
Proactive Security: Navigating HIPAA’s Proposed Risk Analysis Updates
by
in SecurityNewsNOTE: This article discusses proposed changes to existing regulations. These changes are not in effect as of this article’s date… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/proactive-security-navigating-hipaas-proposed-risk-analysis-updates/
-
SIEM-Kaufratgeber
by
in SecurityNews
Tags: access, ai, api, business, cloud, compliance, container, cyberattack, data, detection, DSGVO, encryption, framework, HIPAA, infrastructure, least-privilege, mail, microsoft, mitre, ml, monitoring, open-source, saas, service, siem, skills, soar, software, threat, toolDie kontextuellen Daten, die SIEM-Lösungen liefern, sind eine grundlegende Komponente moderner Security-Stacks.Protokoll-Daten zu auditieren, zu überprüfen und zu managen, ist alles andere als eine glamouröse Aufgabe aber ein entscheidender Aspekt, um ein sicheres Unternehmensnetzwerk aufzubauen. Schließlich schaffen Event Logs oft eine sekundäre Angriffsfläche für Cyberkriminelle, die damit ihre Aktivitäten verschleiern wollen.Vorgängen wie diesen treten Netzwerksicherheitsexperten…
-
Groups Call for Trump to Rescind Proposed HIPAA Rule Update
by
in SecurityNewsHealth Industry Associations Complain That Proposed Cyber Mandates Are ‘Staggering’. Seven major healthcare industry groups are urging the Trump administration to rescind a proposed update to the HIPAA security rule issued at the end of the Biden administration. The costs and regulatory burden to comply would be staggering to the healthcare sector, they said. First…
-
Die besten DAST- & SAST-Tools
by
in SecurityNews
Tags: access, ai, api, application-security, authentication, awareness, cloud, cyberattack, cybersecurity, docker, framework, HIPAA, injection, PCI, rat, risk, risk-management, service, software, sql, supply-chain, tool, vulnerability, vulnerability-managementTools für Dynamic und Static Application Security Testing helfen Entwicklern, ihren Quellcode zu härten. Wir zeigen Ihnen die besten Tools zu diesem Zweck.Die Softwarelieferkette respektive ihre Schwachstellen haben in den vergangenen Jahren für viel Wirbel gesorgt. Ein besonders schlagzeilenträchtiges Beispiel ist der Angriff auf den IT-Dienstleister SolarWinds, bei dem mehr als 18.000 Kundenunternehmen betroffen waren.…
-
Will DOGE Access to CMS Data Lead to HIPAA Breaches?
by
in SecurityNewsExperts Cast Nervous Eye on Musk and Team’s Handling of Health-Related Info. Privacy experts are keeping a nervous eye on the potential for compromises involving Americans’ health and personal information resulting from the White House’s Department of Government Efficiency – led by Elon Musk – accessing government IT systems containing Medicare and health related data.…
-
Ex-HIPAA Officer: State Illegally Shared PHI for Research
by
in SecurityNewsLawsuit Claims R.I. Health Information Exchange Retaliated Against ‘Whistleblower’. The former HIPAA compliance officer of Rhode Island’s state health information exchange is suing the organization in a federal lawsuit claiming that she was terminated from her job after blowing the whistle on the HIE’s alleged unlawful disclosures of patient information for research purposes. First seen…
-
What 2025 HIPAA Changes Mean to You
by
in SecurityNews
Tags: access, application-security, authentication, breach, business, cloud, compliance, control, cybersecurity, data, encryption, healthcare, HIPAA, identity, incident response, insurance, law, mfa, monitoring, nist, office, penetration-testing, privacy, risk, risk-analysis, service, strategy, threat, tool, vulnerabilityWhat 2025 HIPAA Changes Mean to You madhav Tue, 02/04/2025 – 04:49 Thales comprehensive Data Security Platform helps you be compliant with 2025 HIPAA changes. You are going about your normal day, following routine process at your healthcare organization, following the same business process you’ve followed for the last twelve years. You expect Personal Health…
-
HIPAA Cybersecurity Requirements and Best Practices
by
in SecurityNewsThe Health Insurance Portability and Accountability Act (HIPAA) mandates a stringent framework for protecting sensitive patient information. These standards form the foundation of cybersecurity measures within the healthcare sector, ensuring… First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/hipaa-cybersecurity-requirements-and-best-practices/
-
DeepSeek hit by cyberattack and outage amid breakthrough success
by
in SecurityNews
Tags: access, ai, apple, attack, ceo, china, compliance, control, cyberattack, cybersecurity, data, detection, encryption, finance, GDPR, google, group, HIPAA, infrastructure, malicious, nvidia, open-source, risk, saas, service, startup, technology, threat, tool, training, vulnerabilityChinese AI startup DeepSeek said it was hit by a cyberattack, prompting the company to restrict user registrations and manage website outages as demand for its AI assistant soared.According to the company’s status page, DeepSeek has been investigating the issue since late evening Beijing time on Monday.”Due to large-scale malicious attacks on DeepSeek’s services, registration…
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
by
in SecurityNews
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
State and Federal Healthcare Cyber Regs to Watch in 2025
by
in SecurityNewsUnder the Trump administration, the proposed update to the HIPAA Security Rule – issued in the final weeks of the Biden administration – is likely to get trimmed but not totally cut, predicts regulatory attorney Sharon Klein of the law firm Blank Rome. What else should the health sector expect? First seen on govinfosecurity.com Jump…
-
Box-Checking or Behavior-Changing? Training That Matters
by
in SecurityNewsExploring New Ways to Deliver and Measure Cybersecurity Awareness Programs Regulations like GDPR, HIPAA and CMMC have made security awareness training a staple of corporate security programs. But compliance is only part of the story. Organizations face an even deeper challenge: influencing employee behavior in ways that create a truly secure workplace. First seen on…
-
15 States Sue HHS to Drop HIPAA Reproductive Health Info Reg
by
in SecurityNewsHHS’ Privacy Rule Update Limits Use, Disclosure of Reproductive Health PHI. A Biden administration HIPAA Privacy Rule that went into effect last June to restrict the disclosure of reproductive health information is being challenged in federal court by the attorneys general of 15 states. The AGs are asking a Tennessee federal court to overturn the…