Search Results
The default setting for search results displays All Content. If you prefer to see recent content only, please adjust the date filter.
Filter your results:
Types
Topics
8 Results Found
OCR launches webpage with HIPAA FAQs on Change Healthcare cyberattack
The Department of Health and Human Services’ Office for Civil Rights April 19 launched a webpage answering HIPAA-related FAQs about the Change Healthcare cyberattack.
NIST updates HIPAA cybersecurity resource guide
The National Institute of Standards and Technology this week released updated guidance to help HIPAA-covered entities and business associates assess and manage cybersecurity risks to electronic protected health information and comply with the HIPAA security rule.
In wake of cyberattack, OCR investigating Change Healthcare compliance with HIPAA rules
The Department of Health and Human Services’ Office for Civil Rights is initiating an investigation into the Change Healthcare cyberattack, the agency announced March 13in a “Dear Colleague” letter.
Judge rules in favor of AHA vacating HHS online tracking ‘bulletin’ as unlawful and beyond agency authority
A United States District Court Judge in Texas today ruled in favor of the AHA, Texas Hospital Association, and hospital plaintiffs, agreeing that Department of Health and Human Services “bulletins” that restrict health care providers from using standard third-party web technologies that capture IP addresses on portions of their public-facing webpages were unlawful final rules and vacating the March 2024 Revised Bulletin.
HHS says hospitals impacted by Change Healthcare cyberattack can delegate breach notifications to UnitedHealth Group
The Department of Health and Human Services May 31 announced that hospitals and health systems can require UnitedHealth Group to notify patients if their data was stolen during the Change Healthcare cyberattack Feb. 22.
CISA releases proposed rule on cyber incident reporting
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency March 27 released a proposed rule implementing cyber incident and ransom payment reporting requirements under the Cyber Incident Reporting for Critical Infrastructure Act of 2022, intended to help the agency prevent cyberattacks and deploy assistance to victims.
AHA to court: Revised OCR bulletin on online tracking technologies still unlawful
The Department of Health and Human Services’ revised “bulletin” for HIPAA covered entities and business associates using online tracking technologies only confirms that the original bulletin was “substantively and procedurally unlawful,” AHA April 11 told a federal court hearing its challenge to a bulletin issued by HHS’ Office for Civil Rights that restricts health care providers from using standard third-party web technologies that capture IP addresses on portions of their public-facing webpages.
Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare.
John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly targeting hospitals to hitting the third-party technology and service providers critical to supporting hospitals’ clinical care. He highlights four key strategies to help hospitals and health systems strengthen their third-party risk management program against the debilitating effects of the next, inevitable Change Healthcare-like cyberattack.