Are you prepared for the next round of HIPAA audits?

HIPAA audits really are here. One of my clients let me know this week that they were contacted by the OCR announcing a HIPAA audit. Now is the time to make sure you are prepared.

Almost two years after the OCR first announced preparation for another round of HIPAA audits, Phase II of OCR’s HIPAA audit program is finally underway.

OCR is now targeting BAs for HIPAA violations as settlements are announced

The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is taking an aggressive stand on HIPAA enforcement and targeting violations related to security risk assessments and business associate agreements. Three resolution agreements posted in the last month make clear that the agency expects entities subject to HIPAA to take appropriate steps to secure their data, regardless of the size or type of the entity. It’s a HIPAA...

ATM Skimming Rising After Increasing 546% Between 2014-2015

FICO Card Alert Service just released data indicating that ATM skimming increased 546 percent from 2014 to 2015. That is the largest year-over-year increase the service has seen in its more than 20 years of existence. The FICO research is based on the analysis of thousands of U.S. ATMs, and it shows that off-premises retail ATMs were most often targeted. These off-premises machines were attacked 10 times as often in 2015 as in 2014.

Lessons from the 2015 Anthem Breach

It’s been just over a year since February 2015, when health plan Anthem Inc. reported a record-breaking cyber-attack that affected almost 78 million individuals. In the last year, the healthcare sector has been the target of several other massive cyber-attacks; however, the Anthem incident still tops the Department of Health and Human Services’ “wall of shame” website as the largest health data...

Verizon Enterprise Solutions hacked, 1.5 million business clients exposed

Verizon Enterprise Solutions, which regularly assists clients in responding to data breaches, has suffered a breach affecting a reported 1.5 million business customers. These customers are now more vulnerable to phishing attacks due to the breach. Verizon has stated that the attack exposed basic contact information due to a vulnerability in their enterprise client portal. The vulnerability has been addressed and Verizon maintains that no...

5 Keys for Data Breach Prevention

In 2015, the banking, credit and financial industries reported more than 40 data breaches that exposed more than 400,000 records. The breached entities range in size from a 200-location independent mortgage company to global banks with high name recognition.

Data breaches don’t just happen to large banks. Community banks also fall prey to cyber-attacks and breaches. A data breach is increasingly becoming a question of “when,” not “if.” Are you prepared?

Expect More HIPAA Audits and Stricter Enforcement in 2016

Look for the 2016 agenda for the Department of Health and Human Services’ Office for Civil Rights to accelerate its recent emphasis on enforcement of HIPAA.

Over a five-week period, the OCR announced plans to collect $5 million in monetary penalties in three enforcement actions against HIPAA covered entities. This increased emphasis on collecting fines and penalties is seen as a move to provide funds for the agency. These funds will be allocated to a program focused on auditing entity compliance with the HIPAA Privacy, Security and Breach Notification Rules, as well as other enforcement and regulatory activities.

Email common link in many large HIPAA breaches

Several recent large data breaches involving email mishaps serve as a reminder of precautions that healthcare entities must take with protected health information contained in digital communications that are sent or received by their organizations.

Recent incidents listed on the HHS “wall of shame” include two incidents at the North Carolina Dept. of Health and Human Services. Another reported incident, not yet publicly posted on the HHS website, occurred at the University of Cincinnati Health.

FFIEC Emphasizes Board Involvement in Cybersecurity

The Federal Financial Institutions Examination Council’s updated guidance for bank examiners emphasizes that executives and boards of directors must approve IT plans that contain strategies for addressing emerging and ongoing cyber threats.
