ICS-CERT of DHS Updates Guidance Resources to Help Healthcare Organizations Mitigate Cybersecurity Threat

May 31, 2017. On May 30, 2017, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the Department of Homeland Security (DHS) released Update G: Indicators Associated with WannaCry Ransomware (ICS-Alert-17-135-01G) that was originally released on May 15, 2017. We provide highlights and excerpts below, and recommend that your organization download the document and sign up for alerts going forward.

OCR Settles with New York Covered Entity that Impermissibly Disclosed Patient’s HIV Protected Health Information to Employer

May 26, 2017. On May 23, 2017, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) issued a news release pertaining to a resolution agreement and corrective action plan with St. Luke’s-Roosevelt Hospital Center, Inc. for a settlement payment of $387,200 relating to a hospital component’s HIPAA Privacy Rule violation involving the impermissible disclosure of HIV-related protected health information. 

HHS Issues Update #4 on International Cyber Threat to Healthcare with Cautionary OCR Guidance on HIPAA Specific to WannaCry

May 17, 2017. Today, the U.S. Department of Health and Human Services (HHS) released via email, with a May 16, 2017, dateline: HHS Update #4: International Cyber Threat to Healthcare Organizations (Revised). In this issue update, HHS has covered the following issues:

Homeland Security Issues Alert for Indicators Associated with Cybersecurity Ransomware Threat

May 16, 2017. The Department of Homeland Security (DHS) issued last evening an Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) Alert entitled: “Indicators Associated with WannaCry Ransomware.” This alert is a follow-up to the US-CERT alert TA17-132A released on Friday, May 12, 2017. In its Summary, the ICS-CERT alert states:

HHS/OS Issued Late Monday Morning an Updated International Ransomware Cyber Threat Alert and Links for Healthcare Organizations

May 15, 2017. Under the aegis of the Healthcare and Public Health Sector: Critical Infrastructure Security and Resilience Partnership, the Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has issued an email alert entitled: “HHS Update #2: International Cyber Threat to Healthcare Organizations.” To sign up for these alerts, visit: https://www.hhs.gov/hipaa/for-professionals/list-serve/.

Perfect Storm: Double Jeopardy Cyberattack and HIPAA Noncompliance Peril for Covered Entities and Business Associates

May 15, 2017. For healthcare covered entities and business associates that have not implemented HIPAA Privacy and Security Rules and the HITECH Act Breach Notification Rule, the current massive, global ransomware cyberattack targeting hundreds of thousands of organizations worldwide is a ‘perfect storm’ and a wake-up call.

HHS/OS Has Issued a Saturday Ransomware Alert to Healthcare Organizations Concerning the International Cyber Threat

May 13, 2017. The Office of the Secretary (OS) of the U.S. Department of Health and Human Services (HHS) issued an email alert to subscribers at 12:11 PM today to its Office for Civil Rights (OCR) Security List entitled: “HHS Update: international cyber threat to healthcare organizations,” under auspices of the Healthcare and Public Health Sector, a Critical Infrastructure Security and Resilience Partnership. If you are unfamiliar with the current cybersecurity crisis, check out today’s New York Times article entitled: “Hacking Attack has Security Experts Scrambling to Contain Fallout.” We reproduce pertinent information from the alert below and, as the alert indicates, direct you to www.us-CERT.gov for additional information.

Texas Health System Pays $2.4 Million Following Compliance Review to Resolve an Impermissible Disclosure of a Patient’s PHI

May 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) has resolved an impermissible disclosure of a patient’s protected health information (PHI) with a resolution settlement payment of $2.4 million and acceptance of a corrective action plan (CAP) by the large not-for-profit Memorial Hermann Health System (MHHS) in Southeast Texas.

President Trump Signs Executive Order Bolstering Executive Branch and Industry Adherence to NIST’s Cybersecurity Framework

May 12, 2017. On May 11, 2017, President Trump signed an Executive Order entitled: Strengthening the Cybersecurity of Federal Networks and Infrastructure. Findings articulated in the Executive Order are:

CMS Publishes Quarterly Listing of Program Issuances, Including Reference to Information Security Acceptable Risk Safeguards

May 5, 2017. Today, in the Federal Register, the Centers for Medicare & Medicaid Services (CMS) of the U.S. Department of Health and Human Services (HHS) published a notice entitled: “Medicare and Medicaid Programs; Quarterly Listing of Program Issuances—January Through March 2017.” The Summary and Background statements are:
