Achieving strong cybersecurity is a vast, interconnected web that must incorporate the correct software, procedures, and workflows and take into account the human element across an entire organization.
Healthcare industry leaders think there is much to learn from the Change Healthcare cyberattack, and they hope the sector can apply these lessons to prevent a hack like this from ever happening again. Overall, the chaotic aftermath of the attack underscores the dire need for a more unified approach to cybersecurity within the healthcare sector.
Munck Wilson Mandala Partner Greg Howison shared his perspective on some of the legal ramifications around AI, IP, connected devices and the data they generate, in response to emailed questions.
After a healthcare cyberattack, the impacted organization often doesn't want to divulge a lot of information, Intermountain Health CISO Erik Decker said last week at HIMSS. However, he thinks healthcare organizations should be more transparent with their peers after an attack because "no one system operates independent of everybody else."
The aftermath the cyberattack on Change Healthcare remains messy, with patients across the country still struggling to obtain their prescriptions. The federal government has even stepped in to help address the fallout of the attack, urging payers to quickly alleviate the digital bottlenecks that providers and pharmacies are facing.
Pharmacies across the country are facing disruptions following a cyberattack on Change Healthcare — which is owned by Optum, a subsidiary of UnitedHealth Group. In a filing with the SEC, UnitedHealth stated that the unauthorized party that gained access to Change Healthcare's systems was a “suspected nation-state associated cyber security threat actor."
Mari Savickis, Vice President of Public Policy with CHIME, will be moderating a panel discussion as part of the Cybersecurity Pavilion at the ViVE 2024 event in Los Angeles, scheduled for February 25-28. She said her organization anticipates several developments addressing cybersecurity this year.
At the Abarca Forward conference earlier this year, George Van Antwerp, managing director at Deloitte, discussed how social determinants of health and a personalized member experience can improve medication adherence and health outcomes.
There is growing and coordinated momentum behind the goal of ensuring connected medical devices improve people’s lives without introducing them to cybersecurity threats and associated safety risks. There also is a proven playbook for implementing the type of multi-layered, security-by-design strategies these initiatives advocate.
HHS recently published guidance outlining voluntary cybersecurity performance goals for the healthcare sector. Taylor Lehmann, a cybersecurity executive at Google Cloud, noted that "what is on HHS paper will most likely become what is in the actual final rulemaking or new regulatory requirements that become law."
From our experience providing identity management services to healthcare SaaS companies, here are five rules for building more secure SaaS applications. The list can serve as a guide either for healthcare organizations looking to move key operations to SaaS or to makers of SaaS applications for healthcare customers.
Many hospitals remain underprepared to protect themselves against cybercriminals’ barrage of increasingly sophisticated attacks, but there are a couple concrete steps they can take to build a stronger defense structure — like virtual patching and thinking twice about moving to the cloud.
We will highlight Build My Health's revenue practice management tools, which could help physician practices add up to $250,000 to their practices.
While more generative AI tools are becoming available in healthcare for diagnostics and patient communication, it is important for clinicians and healthcare staff to be aware of the security, privacy, and compliance risks when entering protected health information (PHI) into a tool like ChatGPT.
Developed as part of the due diligence process for the disclosure of confidential documents, VDRs provide a secure repository for all types of confidential materials including merger and acquisition (M&A) documents, financial statements, contracts, intellectual property details, and legal agreements.
New York Governor Kathy Hochul released a proposed set of cybersecurity regulations that require hospitals to establish new policies and procedures to protect themselves from ever-intensifying cyber threats. The state also put aside $500 million in funding to help hospitals upgrade their technology systems to comply with these new rules.
The federal government has warned hospitals that using third-party analytics tools on their websites could violate HIPAA, and more than 20 hospitals are facing class-action lawsuits over the use of these tools. But a recent analysis found that hospitals are doing a poor job of fixing their websites and preventing patient data collection.
As health systems shore up their defenses against cybercriminals, they should openly communicate with their third-party vendors about data security risks and work together to actively manage those risks. That was some of the advice given by Aaron Miri, Baptist Health’s chief digital and information officer, during a Tuesday webinar.