The National Association of Attorneys General is urging Congress to drop the "cumbersome, out-of-date privacy rules" contained in federal regulations on substance abuse and instead apply the "effective and more familiar" HIPAA Privacy Rule to help address the opioid crisis by easing the sharing of data.
The sentencing of a former worker at a substance abuse treatment provider in connection with a Medicaid fraud conspiracy "is an important reminder about the threats from insiders," one privacy attorney says.
Enumerating medical devices, identifying where the security risks lie and then implementing a multilayered defense plan to mitigate risks should be top priorities for healthcare organizations, says thought leader John Halamka, M.D., executive director for technology exploration at Beth Israel Lahey Health.
Authentication vulnerabilities in certain GE Healthcare anesthesia devices could potentially allow remote attackers to meddle with the devices, researchers say. GE disputes some of the findings. Find out what other security experts have to say.
A cybersecurity vulnerability discovered in open source software used by organizations conducting genomic analysis could potentially have enabled hackers to affect the accuracy of patient treatment decisions. But the vulnerability was patched before hackers took advantage of it, researchers believe.
The traditional IAM strategy has been to tie individual users with a unique device. But that doesn't work in healthcare settings, where doctors and nurses often share multiple devices. Jigar Kadakia of Partners HealthCare talks about how he approaches this critical challenge.
Encouraged by the moves of medical device manufacturers, Jennings Aske, CISO of NY Presbyterian Hospital, says the "state of the union" of medical device security has improved dramatically. But what more is needed to mitigate risks?
In a rare move, the Food and Drug Administration has warned patients that medical device maker Medtronic has issued a voluntary recall of certain wireless insulin pumps due to cybersecurity vulnerabilities that cannot be adequately patched.
The number of individuals affected by a phishing-related breach disclosed in March by the Oregon Department of Human Services has nearly doubled, according to a new notification statement, which offers more details.
Implementing new technologies and best practices can help healthcare organizations dramatically improve their detection of data breaches, says Mitch Parker, CISO of Indiana University Health System, who will be a featured speaker at ISMG's Healthcare Security Summit on June 25 in New York.
The House of Representatives has approved an amendment that would lift a 20-year ban on the Department of Health and Human Services funding the development or adoption of a unique, national patient identifier. But plenty of hurdles remain. Find out why this is a critical issue for CISOs as well as privacy officers.