About the Author Arnold Abraham is Principal Attorney and Founder of the CyberLaw Group (cyberlawgroup.net), a law firm focused on personal privacy and data protection. He previously served as a Senior Federal Cyber Security Executive in USCYBERCOM and the Department of Homeland Security. Companies hit by cyber attacks are increasingly finding themselves open to potential liability… Read More
Last week, we hosted a webinar to discuss the challenges healthcare operators face when responding to cyber security incidents. Our presenters, Michael McKinley, Vice President and General Manager at Delta Risk, Chris Holda, Senior Healthcare IT Consultant, Huntzinger Management Group, and Ed Kopetsky, Chief Information Officer at Stanford Children’s Health and Advisor with Next Wave Health Advisors, provided… Read More
It’s a late Saturday morning and Joe Hacker (aka WF4EAK in underground hacking circles) fires up the software-defined radio(SDR) he bought online for $20 to listen in on the local hospital paging traffic. After all, he is trying to make a few extra bucks to buy a new Xbox, and selling healthcare information on the black… Read More
In the latest Delta Risk white paper, which follows our Cyber Security Primer for Healthcare white paper, we take a deeper look at the specific legal obligations that healthcare providers must meet, and how you can build a healthcare cyber security program to meet and exceed compliance responsibilities. Under the Health Insurance Portability Act (HIPAA) and the… Read More
In new joint guidance released from the Federal Trade Commission (FTC) and U.S. Department of Health and Human Services Office for Civil Rights (OCR), HIPAA covered entities and business associates are reminded that they are subject to enforcement of both HIPAA regulations and deceptive business practices under the FTC Act. A covered entity or business… Read More
Earlier this year, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued guidance indicating that, under most circumstances, a ransomware attack constitutes a reportable HIPAA breach. During a ransomware attack, protected electronic health information (ePHI) is considered breached because an unauthorized individual has control of the information. In their… Read More