Health Law Gurus

Health Law Gurus

Health Law: News,
Commentary & Insights

Category Archives: Cybersecurity

Subscribe to Cybersecurity RSS Feed

FDA Tackles the Escalating Medical Device Cybersecurity Threats

Posted in Cybersecurity, FDA, Privacy
Cybersecurity and data breaches have been in public spotlight in the past several years as a result of recurring cyber-attacks on numerous organizations, business, its customers and communities in general. Media have been actively discussing cybersecurity trends and looking at the rise of identity technologies and web intelligence. According to the U.S. Department of Health… Continue Reading

Security Alert: New Meltdown and Spectre Vulnerabilities Impact Computer Processors to Expose Sensitive Information

Posted in Big Data, Business Associates, Compliance Issues, Covered Entities, Cybersecurity, HIPAA, Medical Records, Privacy, Security, Technology
Security Alert: New Meltdown and Spectre Vulnerabilities Impact Computer Processors Last spring the WannaCry ransomware cyber-attack crippled the global economy, impacting over 100,000 organizations throughout 150 countries and generating an estimated $4 billion in losses.  The National Health Information Sharing and Analysis Center, a community of actors within the healthcare and public health sectors, recently… Continue Reading

Organizations Want to Cry After WannaCry Ransomware Attacks

Posted in Cybersecurity, HIPAA, HITECH, Privacy, Security, Trends
Earlier this month a massive ransomware attack spread throughout 150 countries, infecting 300,000 computers and crippling businesses across the globe. The ransomware, called “Wannacry,” infiltrated a variety of institutions, encrypting the user’s files and demanding payment of $300-$600 in bitcoin to unfreeze files. Hundreds of hospitals and health clinics in the British National Health Service… Continue Reading

BEWARE OF THE MAN-IN-THE-MIDDLE: Malicious Eavesdroppers on the Internet

Posted in Compliance Issues, Cybersecurity, Privacy, Security, Technology
Imagine this: Dr. Primary is treating Patty Patient for substance abuse and emails Patty Patient’s protected health information (PHI) to a treatment clinic. Before the email arrives at the clinic, it is intercepted by a third party, Evan Eavesdropper, who publishes the PHI on the internet.  Evan Eavesdropper also decides to alter the PHI in… Continue Reading

HIPAA Compliance Is a Health Care Entity’s Secret Weapon in Preventing and Combating Ransomware Attacks

Posted in Business Associates, Covered Entities, Cybersecurity, HIPAA, Privacy, Security
One of the fastest growing areas of cybercrime is ransomware. Ransomware is a type of malicious software that encrypts data and makes it inaccessible to authorized users. The hackers who orchestrate ransomware attacks demand that authorized users pay a ransom in order to obtain the key to decrypt their data. Payment is generally required to… Continue Reading

Medical Devices a Target for Online Hackers

Posted in Cybersecurity, Prescription Drugs and Medical Devices, Privacy, Security, Technology
In the past few years, medical devices have become a major target for online criminals. Not only are medical devices considered to be one of the easiest and most vulnerable points of entry into a health care enterprise, they are one of the most difficult areas to remediate even when an attack has been identified.… Continue Reading

Controversial Cybersecurity Information Sharing Act Passes in Senate

Posted in Cybersecurity, Legislation, Privacy, Security
This week, the Senate passed a cybersecurity bill, called the Cybersecurity Information Sharing Act of 2015 (the “CISA”), by a vote of 74 to 21. With the Senate’s vote, the bill is one step closer to becoming law. The CISA authorizes the Director of National Intelligence, the Department of Homeland Security, the Department of Defense,… Continue Reading

Premera Blue Cross Targeted by Hackers – 11 Million Individuals Compromised

Posted in Cybersecurity, HIPAA, Privacy, Security
Premera Blue Cross (“Premera”) announced this week that it has been the target of a sophisticated cybersecurity attack in which the information of approximately 11 million individuals has been compromised. This announcement comes on the heels of the cybersecurity attack against health insurer Anthem, Inc., which affected approximately 80 million individuals.… Continue Reading

FTC May Have Authority to Regulate Companies’ Data Security Practices

Posted in Cybersecurity
Between 2008 and 2010, hackers stole credit card information from the computer network of Wyndham Hotels & Resorts LLC (“Wyndham”), which affected hundreds of thousands of Wyndham’s customers in the process. The Federal Trade Commission (the “FTC”) took action and filed suit against Wyndham in U.S District Court, alleging that Wyndham violated Section 5 of… Continue Reading