Cybersecurity
Tracking Pixel Lawsuits Signal Operational Blind Spots in Healthcare Privacy
Mount Sinai Health System’s recent $5.3 million settlement over the use of web trackers on its patient portal is the latest in a wave of litigation reframing digital analytics as a high-risk privacy exposure, especially for healthcare organizations operating under HIPAA.
MDLand Data Event Reinforces Urgency of EMR Vendor Accountability in Health IT Ecosystems
The recent disclosure of a data security incident by MDLand International Corporation, a New York-based electronic medical records (EMR) vendor, adds another entry to a growing list of third-party breaches exposing sensitive patient information. While MDLand states that there is no evidence of data misuse and that the event did not involve health systems directly, the incident reflects a broader, structural vulnerability: health data security is only as strong as the least-secure vendor in the healthcare technology chain.
HIPAA Risk Analysis Failures Keep OCR’s Crosshairs on Business Associates
The recent enforcement action against BST & Co. CPAs, LLP underscores a sharpened federal focus on business associates that fall short of HIPAA Security Rule compliance, especially when ransomware is involved. The $175,000 settlement with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) marks the agency’s 15th ransomware-related HIPAA action and the 10th to fall under its ongoing Risk Analysis Initiative.
Asset Intelligence Converges with Clinical Security
Hospitals have spent the past decade connecting everything from infusion pumps to MRI scanners to corporate networks. That connectivity delivered valuable data streams and operational efficiencies, yet it also created a vast, largely invisible attack surface.
Microsoft Breach Exposes Structural Incoherence in Federal Cybersecurity Governance
The recent compromise of Microsoft SharePoint environments, impacting the Department of Homeland Security (DHS), the Department of Health and Human Services (HHS), and the National Institutes of Health (NIH), underscores a persistent dissonance between federal cybersecurity mandates and operational enforcement.
Forget Reading Regulatory Tea Leaves and Take Control of Data Security
It’s a challenging time for healthcare IT executives. Companies need to maintain HIPAA compliance as proposed government rule changes are still being solidified. Interoperability is required, so that authorized providers with patient consent can access sensitive data quickly and gain insights to make the best possible decisions about patient care.
Healthcare’s Shift to Proactive Cybersecurity Measures
Health insurance payers, healthcare providers, and their associated contractors who handle patient data have all been forced to reckon with heightened cybersecurity concerns. For the entire industry, a proactive approach — rather than a reactive approach — is more important than ever.
Episource Ransomware Breach Exposes Structural Weaknesses in Healthcare Data Security
The recent ransomware breach at Episource, a business associate owned by UnitedHealth Group, underscores systemic weaknesses across the healthcare ecosystem. When a third-party provider, not a hospital or clinic, becomes the vector, the repercussions ripple outward. Between January 27 and February 6, 2025, cybercriminals infiltrated Episource’s systems, gaining access to protected health information and personally identifiable information tied to Sharp Healthcare and Sharp Community Medical Group. According to Sharp disclosures, this included names, contact information, health insurance plan details, medical diagnoses, lab results, and even medical images.
UChicago Medicine Severs Vendor Ties Following Data Breach, Reframes Risk in Third-Party Partnerships
UChicago Medicine Medical Group has officially ended its relationship with Nationwide Recovery Services (NRS) after a cybersecurity breach compromised sensitive personal data tied to debt collection and recovery activities. The breach, which occurred between July 5 and July 11, 2024, enabled an unauthorized party to access data from NRS systems, including files containing patient names, birthdates, Social Security numbers, financial account information, and potentially medical-related financial data.
OCR Settlement with Comstar Spotlights Ransomware Liability and Risk Analysis Failures in HIPAA Compliance
The U.S. Department of Health and Human Services Office for Civil Rights has announced a $75,000 settlement with Comstar, LLC, a Massachusetts-based billing and revenue cycle company serving emergency ambulance providers, following a ransomware breach that exposed the electronic protected health information of nearly 586,000 individuals.
Healthcare’s Identity Crisis: Why Passkeys Must Replace Passwords Now
The formal shift from World Password Day to World Passkey Day this May is more than symbolic. It signals a decisive break from a decades-old security architecture that has consistently failed to protect users at scale. For healthcare organizations, which remain among the most targeted sectors for data breaches and identity theft, this pivot from shared secrets to cryptographic keys is not a trend. It is a necessary reckoning.
BayCare’s $800K HIPAA Settlement Highlights Ongoing Risk from Malicious Insiders in Healthcare IT
The U.S. Department of Health and Human Services Office for Civil Rights has reached an $800,000 settlement with Florida-based BayCare Health System following a HIPAA Security Rule investigation into unauthorized access of a patient’s electronic protected health information.
The Next Cybersecurity Threat Isn’t Russia. It’s Your Vendor Contract.
While most healthcare executives fixate on state-sponsored cyberattacks from Russia or China, the more immediate and systemic threat is buried in their own legal files. The true weak point in the healthcare cybersecurity chain is not nation-state actors or malware. It is the vendor contract no one has read since go-live.
HIMSS Urges Congress to Reauthorize Cybersecurity Law that Encourages Collaboration and Resilience
“The intent of the healthcare cybersecurity provision of the Cybersecurity Information Sharing Act of 2015 (6 USC 1533) was to establish a voluntary, consensus-based, industry-led approach so we can collectively strengthen our security posture and share meaningful threat intelligence within healthcare and, where appropriate, with other critical infrastructure sectors,” said Lee Kim, HIMSS senior principal, cybersecurity and privacy. “This law has had a significant impact not only on healthcare, but across other sectors by advancing collaboration and improving cyber resilience. I am happy to have contributed to the creation of this provision, which continues to strengthen cybersecurity across healthcare and beyond.”
Prescription for Protection: How Healthcare Can Combat Rising Cyber Threats
The healthcare industry holds a critical place in our society. Beyond saving lives and caring for the ill, it safeguards sensitive patient data and serves as the foundation of public health systems. Yet, in recent years, it has also emerged as one of the most targeted industries for cyberattacks. Why? Because it sits at the intersection of two irresistible opportunities for cybercriminals: highly valuable patient data and outdated IT systems.