The Health Sector Coordinating Council has issued a five-year strategic plan - "a call to action" - for healthcare and public health organizations to implement cybersecurity programs that do a better job of protecting their patients against the ever-rising tide of threats.
In the latest "Proof of Concept," Jeff Brown, CISO for the state of Connecticut, and Lester Godsey, CISO for Maricopa County, Arizona, join ISMG editors to discuss AI-related threats to election security, safeguarding against cyber and physical threats and coordinating efforts for complete security.
In late 2023, the debut of ISO/IEC 42001 marked a major advance in AI standards, offering a systematic framework for AI management. Avani Desai of Schellman sees it as a "paradigm shift" that emphasizes managing AI-specific risks that are distinctly different from traditional concerns.
Britain's privacy watchdog ordered Serco Leisure, which operates nearly 40 leisure facilities, to cease using facial recognition and fingerprint scanning for clocking employees in and out, saying the company failed to demonstrate such technology was "necessary or proportionate."
As the volume of major health data breaches rises, the federal agency charged with investigating those incidents told Congress this week that it lacks the needed funding to keep up with its mounting workload. The agency also separately announced its second ransomware HIPAA breach settlement.
In the latest weekly update, Jeremy Grant of Venable LLP joins editors at ISMG to discuss the state of secure identity in 2024, the challenges in developing next-generation remote ID proofing systems, and the potential role generative AI can play in both compromising and protecting identities.
It's not just medical device cybersecurity that's keeping some healthcare security leaders up at night - it's also the risks posed by other critical connected gear that patients and clinicians depend upon, said Ali Youssef, director of medical device and emerging tech security at Henry Ford Health System.
An Arizona firm that provides administrative services to a dozen ophthalmology practices in several states is notifying nearly 2.4 million patients of a data theft incident. The hack is among the latest recent major data breaches involving vendors of critical services to healthcare firms.
Australian telecom company Tangerine is blaming the compromise of a third-party contractor's credentials for exposing personal information of 232,000 customers, which had been stored in a legacy database. The breach exposed customers' names, birthdates, mobile numbers, addresses and account numbers.
A bipartisan pair of congressmen is again attempting to address long-standing issues of patient safety and privacy - as well as medical errors, inadvertent information disclosures and denied medical claims - which all occur when patients and the health records used to treat them do not match.
Two new guidance resources - one from regulators and the other from an industry council - aim to help healthcare firms strengthen their protection of sensitive patient information and critical IT systems. The publications come as the Biden administration is pushing the sector to up its cyber game.
When a hospital or clinic is hit with a cyberattack, it often seems as if the electronic health record systems just can't win. Even if the EHR system is not the prime target of the attack, it's still frequently taken off line as the organization responds to the incident. What should entities do?
The U.S. Federal Trade Commission said it's too easy for fraudsters to launch "child in trouble" and romance scams, so it has proposed rule-making that would give the agency new authority to sue in federal court any technology providers that facilitate impersonation fraud.
In the latest weekly update, four ISMG editors discussed the relatively low profile of cyberwarfare in recent international conflicts, the potential revival of a dormant HIPAA compliance audit program and the security implications of sovereign AI development.
An electronic health record and practice management software firm says the only way to avoid bankruptcy from the consolidation of nine proposed class action lawsuits filed in the wake of a 2022 data breach is to settle the case for $4 million.