My take — this was a state-sponsored test-run for a “false flag” attack on an international scale, but who the true source is remains unknown. Web gossip suggests the ransomware was stolen by hacking the NSA, but again this is unknown for certain. Perhaps the most important lesson from this attack on more than 250,000 … Read more
Alert: Phishing Email Disguised as Official OCR Audit Communication November 28, 2016 It has come to our attention that a phishing email is being circulated on mock HHS Departmental letterhead under the signature of OCR’s Director, Jocelyn Samuels. This email appears to be an official government communication, and targets employees of HIPAA covered entities and … Read more
Ransomware is rapidly becoming the most common and potentially devastating form of cyber attack on healthcare organizations, prompting CMS to issue an advisory warning in August. To help alert our readers to the threat and defenses you can employ in preventing HIPAA violations, I will be hosting a no charge seminar at Noon (Central) September … Read more
Hospitals might be surprised to learn that HIPAA violations can not only result in federal fines, but also in fines from more than one state if the breach involves out-of-state residents. Under the HITECH Act, state Attorneys General also have enforcement and fine capabilities, but as states get more into privacy legislation, some states are … Read more
Lawyers, risk managers, and IT experts were struck this week the seemingly impossibility of complying with the law of privacy and security when the US government’s NSA and other countries are undermining or out-right sabotaging their efforts at every turn. In another disclosure that has left the highest levels of industry experts “gobsmacked”, Pro Publica.com … Read more