Health IT, HIPAA, and the CMS Incentive Programs Blog
For physicians, hospitals, government agencies, and business associatesLinksys Routers being attacked by Worm “The Moon”
Medical practices and other healthcare organizations who use consumer-grade networking equipment made by Linksys should take immediate steps to mitigate attacks that are spreading after researchers at the SANS Institute reported the outbreak of a self-replicating worm...
Protect yourself from CryptoLocker and other RansomWare
[Editor's Note: During 2016 Healthcare experienced a dramatic increase of virulent ransomware attacks. Please also see a more a more comprehensive list of security contols in the post Preventing and Mitigating Ransomware Attacks, posted 10/4/2016.] A nasty piece of...
Deadline extended for eligible professionals attesting to Meaningful Use
The Centers for Medicare & Medicaid Services (CMS) has extended the deadline for physicians and other eligible professionals to attest to meaningful use for the Medicare EHR Incentive Program 2013 reporting year. Also, some hospitals are being offered the...
OCR enforcement highlights importance of the Security Risk Analysis, Inventory
Several recent enforcement actions from the HHS Office of Civil Rights, along with OCR's consistent messaging, have highlighted the importance of the HIPAA security risk analysis for healthcare organizations. Further, recent cases make it clear that a comprehensive...
Smart devices – including a fridge- were used to distribute malicious emails
That’s right, even a refrigerator can now fall victim to hackers. According to security firm Proofpoint, more than 750,000 malicious emails were sent between Dec. 23, 2013 and Jan. 6, 2014, when hackers gained access to smart devices, such as common appliances, left...
HIPAA watchdog, the OCR, is non-compliant with mandated HIPAA audits
2014 is here and that means the long-delayed U.S. Department of Health and Human Services (HHS) random audit HIPAA audits may be starting soon. As we shared in another recent post (“Rodriguez of OCR discusses HIPAA Enforcement, other topics,”) the Director of the HHS...
Dermatology practice settles HIPAA case for $150,000
Adult & Pediatric Dermatology, P.C. (APD), a 12 physician dermatology practice with offices in Massachusetts and New Hampshire, has become the first covered entity to settle “potential” HIPAA violations, involving the lack of breach notification policies. The...
HIPAA Risk Assessment – Nation States and Terrorists
Healthcare organizations have good reason to adjust their threat assessments when updating their HIPAA Security risk analysis as required for HIPAA and meaningful use compliance. Based on a number of recent events, we know more about the capabilities and activities of...
