Cyber Security News

  • Through HIPAA Security Rule Part 1

    Through HIPAA Security Rule Part 1

    § 164.306 Security standards: General rules. (a) General requirements. Covered entities must do the following: (1) Ensure the confidentiality, integrity, and availability of all electronic protected health information the covered entity creates, receives, maintains, or transmits. (2) Protect against any anticipated threats or hazards to the security or integrity of such information. (3) Protect against…

  • Patient Data Leaked 

    Recently, we had a practice contact us as one of their vendors had been hit with a ransom attack which also encrypted the devices within their practice. The vendor told the doctor that he did not need to take any action as the vendor was going to pay the ransom, get the encryption key, and…

  • OCR Enforcement from a Phishing Attack

    OCR Enforcement from a Phishing Attack

    OCR is the Office of Civil Rights and is the enforcement department that oversees the Health Insurance Portability and Accountability Act (HIPAA).   On December 7, 2023, OCR announced the first settlement against a healthcare entity where the breach was the result of a phishing attack which led to a ransomware attack.   Phishing or malicious email…

  • Nothing Lasts Forever

    Nothing lasts forever, especially when talking about technology. In less than 24 short months, Windows 10 will reach its end of life. This means that practices using Windows 10 may no longer be HIPAA compliant.   Microsoft currently sends security updates at least weekly and, on some occasions, more frequently, especially when a zero-day vulnerability has…