HIPAA

A Security Risk Assessment (SRA) is a systematic process of identifying, evaluating, and mitigating risks that could compromise the security of an organization, system, or asset. The purpose of an SRA is to ensure that security controls are in place and sufficient to protect against potential threats, vulnerabilities, and their associated impacts.

A Privacy and Breach Risk Assessment (PBRA) is a systematic process used by organizations to evaluate potential privacy risks and the likelihood and impact of data breaches associated with handling personal or sensitive information. It is typically conducted to ensure compliance with privacy laws, regulations, and organizational policies while minimizing risks to individuals whose data is collected, processed, or stored.

The Microsoft Threat Intelligence Briefing: Healthcare has reported that the healthcare/public health sector was one of the top 10 most impacted industries in the second quarter of 2024 and that there has been a 300% surge in ransomware attacks. There is now an entire industry of RaaS – Ransomware as a service. The same way a doctor can subscribe to have access to an EHR. Bad actors can subscribe to services that will create ransomware for them. Bad actors are also utilizing AI to create ransomware and better target ransomware attacks.

Particle Health filed a federal antitrust lawsuit claiming that EPIC is blocking access to patient records.  The lawsuit states that Epic is using its power to eradicate competition in the Healthcare Marketplace.

Ransomware attacks targeting industrial organizations has reached new heights and no organization is immune.

EngageMED, a healthcare support system, filed notice of data breach. They recognized that an authorized part was able to access the company's IT network. This resulted in unauthorized access to names, addresses, dates of birth, Social Security numbers, medical information, health insurance information, and claim information.

The Centers for Medicare & Medicaid Services (CMS) and Wisconsin Physicians Service Insurance Corporation (WPS) are notifying people whose protected health information or other personally identifiable information (PII) may have been compromised in connection with Medicare administrative services provided by WPS. WPS is a CMS contractor that handles Medicare Part A/B claims and related services for CMS.

A breach at Health Equity occurred because a user account of one of HealthEquity’s vendors was compromised and their password stolen, which was used by the malicious hacker to access the data repository.

HIPAA requires your office protect the confidentiality, integrity and accessibility of patient information. In order to accomplish this, you must address the technical, administrative and physical risks to this information. While offices are making the transition to the cloud, you should not slack off on physical security, including office access controls.

​​​​​​​A roundup of todays HIPAA related news demonstrates that foreign actors such as North Korea and Iran are attacking the US with the latest news having an attack against healthcare and an attack against our political system.