Medical Hosting Company Launches New Cloud-Based HIPAA-Compliant Hosting Solution – Digital Journal


Digital Journal
Medical Hosting Company Launches New Cloud-Based HIPAA-Compliant Hosting Solution
Digital Journal
DALLAS, TX, November 19, 2018 /24-7PressRelease/ -- Medical Web Experts LLC is announcing the release of MWE Cloud, a new HIPAA-compliant cloud hosting service that offers higher availability, better security, and more efficient development ...

2,393 Patients of Southwest Washington Regional Surgery Center Impacted by Phishing Attack

Southwest Washington Regional Surgery Center in Vancouver, WA, has suffered a phishing attack that has resulted in the exposure of 2,393 patients’ protected health information.

The breach was confined to a single email account and no evidence was uncovered to suggest any emails have been accessed or downloaded by the attacker. An extensive investigation was conducted with assistance provided by a third-party cybersecurity firm. The investigation concluded on September 25.

The investigation included a manual review of all emails in the compromised account to identify patients affected and the types of information that may have been compromised.

Southwest Washington Regional Surgery Center explained in its breach notice that the beach was limited to the following PHI elements: Names, driver’s license numbers, Social Security numbers, medical information, and for a limited number of patients, credit card numbers.

The investigation revealed the email account was compromised on May 27, 2018 and access remained possible until August 13, 2018.

Patients impacted by the breach were sent breach notification letters on November 6, 2018 and have been offered complimentary credit monitoring and identity theft restoration services for 12 months. Information has also been provided on the steps that should take to reduce the risk of identity theft and fraud.

The breach has prompted Southwest Washington Regional Surgery Center to enhance its email access protocols to prevent further successful phishing attacks, passwords were reset, and its password policy updated.

The post 2,393 Patients of Southwest Washington Regional Surgery Center Impacted by Phishing Attack appeared first on HIPAA Journal.

Feds curious whether HIPAA is impeding care coordination for SNFs – McKnight’s Long Term Care News


McKnight's Long Term Care News
Feds curious whether HIPAA is impeding care coordination for SNFs
McKnight's Long Term Care News
The Centers for Medicare & Medicaid Services is asking if patient privacy laws are preventing coordination among nursing homes and other providers. Officials from the agency submitted a proposed request for information to the White House Office of ...

Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS

The U.S. Department of Homeland Security will be forming a new agency solely focused on cybersecurity following the passing of new legislation by Congress.

The Cybersecurity and Infrastructure Security Agency Act of 2018 (CISA Act) amends the Homeland Security Act of 2002 can calls for DHS to form a new Cybersecurity and Infrastructure Security Agency. The CISA Act was unanimously passed by the House of Representatives and just awaits the president’s signature.

The new agency will be formed through the reorganization of the National Protection and Programs Directorate (NPPD) and will have the same status as other DHS agencies such as the U.S. Secret Service.

The NPPD is already responsible for reducing and eliminating threats to U.S. critical physical and cyber infrastructure, with cybersecurity elements covered by the Office of Cybersecurity and Communications and the National Risk Management Center.

NPPD currently coordinates IT security initiatives with other entities, local, state, tribal and territorial governments and the private sector and oversees cybersecurity at federal government civilian agencies.

The new name better reflects the work NPPD does and emphasizes the importance of cybersecurity in securing the nation’s critical infrastructure. The new agency will consolidate information security and physical infrastructure security in a unified agency.

“The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical,” said DHS Secretary Kirstjen M. Nielsen. “It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.”

Having a single agency in charge of the nation’s cybersecurity will help the U.S. government address current security gaps. At present, each federal agency is responsible for its own IT systems and managing cyber risks. Regardless of size and budget, each government entity must ensure cyber risks are managed and reduced to a minimal level. There are also several government agencies that cover various cybersecurity functions, which is inefficient and results in security gaps.

“Elevating the cybersecurity mission within the Department of Homeland Security, streamlining our operations, and giving NPPD a name that reflects what it actually does will help better secure the nation’s critical infrastructure and cyber platforms,” said Christopher Krebs, current undersecretary of the NPPD. “The changes will also improve the Department’s ability to engage with industry and government stakeholders and recruit top cybersecurity talent.”

The post Congress Passes CISA Act Which Calls for New Cybersecurity Agency Within DHS appeared first on HIPAA Journal.