Healthcare Technology Vendor News

Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform

Cofense has developed a new product which will soon be added to its portfolio of anti-phishing solutions for healthcare organizations and incorporated into its phishing-specific security orchestration, automation and response (SOAR) platform.

The announcement comes at a time when the healthcare industry has been experiencing an uptick in phishing attacks. The past few months have seen a large number of healthcare organizations fall victim to phishing attacks that have resulted in cybercriminals gaining access to employees’ email accounts and the PHI contained therein.

Perimeter security defenses can be enhanced to greatly reduce the number of malicious emails that reach employees’ inboxes, but even when multiple security solutions are deployed they will not block all phishing threats.

Security awareness training is essential to reduce susceptibility to phishing attacks by conditioning employees to stop and think before clicking links in emails or opening questionable email attachments and to report suspicious emails to their security teams.

However, security teams can struggle to identify real threats quickly. Employees will typically report a wide range of emails, not just malicious messages. Most organizations will see their abuse mailboxes fill up rapidly and security teams often waste valuable time sifting through messages to find the real threats.

Cofense has attempted to solve the problem with the release of a SOAR platform that helps incident response teams identify and mitigate phishing attacks in progress much more rapidly. Cofense Triage allows incident response teams to rapidly assess, analyze, and remediate phishing attacks in real-time by filtering out the noise.

Cofense Triage has recently been enhanced with new features that allow third-party security solutions to be integrated through its REST API for an optimized security orchestration response. Remediating phishing threats has been made easier through automation using playbooks and workflows – sets of rules that automatically execute a response to mitigate an attack if certain criteria are met.

Now the Leesburg, VA-based anti-phishing vendor has developed a new anti-phishing solution – Cofense Vision – which will soon be incorporated into its phishing-specific SOAR. Cofense Vision – due to be generally available in Q4 2018 – will make it easier and quicker to identify all phishing emails in a campaign and quarantine them rapidly to neutralize the threat.

When a phishing email is identified, it is unlikely to be the only copy of the message in an organization’s email system. Tens or even hundreds of copies may be hiding in other inboxes, including carbon copies of the message, variations along the same theme, and totally different messages containing the same malicious payload.

Cofense Vision helps incident response teams search, identify, and quarantine all phishing emails in a particular campaign, querying messages by sender, date, subject, attachment name, attachment hash, and many more criteria. When all messages have been identified, they can be quarantined with a single click, removing all malicious messages from an organization’s entire email system.
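The campaign search described above can be sketched as follows. This is an added example, not Cofense code and not part of the original article: starting from one reported message, it pivots on attachment hash, sender, and normalized subject within a date window. The mailbox keys, addresses, and payload bytes are constructed sample data, and the window and similarity threshold are assumptions.

```python
import hashlib
import re
from datetime import timedelta
from difflib import SequenceMatcher
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr, parsedate_to_datetime


def fingerprint(raw):
    """Pull the pivot fields out of one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    hashes = set()
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True)
        if data:  # nested multipart attachments decode to None; skip them
            hashes.add(hashlib.sha256(data).hexdigest())
    # Drop reply/forward prefixes and mask digit runs so "Invoice 48213"
    # and "RE: Invoice 50977" normalize to the same theme.
    subject = re.sub(r"^((re|fwd?)\s*:\s*)+", "", str(msg["Subject"] or ""), flags=re.I)
    return {
        "sender": parseaddr(str(msg["From"] or ""))[1].lower(),
        "date": parsedate_to_datetime(str(msg["Date"])),
        "subject": re.sub(r"\d+", "#", subject).strip().lower(),
        "hashes": hashes,
    }


def find_campaign(seed_raw, store, window=timedelta(days=3), min_similarity=0.8):
    """Return {location: [reasons]} for stored messages related to the seed.

    `store` maps a mailbox location (hypothetical key format) to raw message
    text. The returned locations are what a quarantine step would act on.
    """
    seed = fingerprint(seed_raw)
    hits = {}
    for location, raw in store.items():
        m = fingerprint(raw)
        if abs(m["date"] - seed["date"]) > window:
            continue  # bound the search to the campaign's time frame
        reasons = []
        if m["hashes"] & seed["hashes"]:
            reasons.append("attachment_hash")  # same payload, any wrapper
        if m["sender"] == seed["sender"]:
            reasons.append("sender")
        if SequenceMatcher(None, m["subject"], seed["subject"]).ratio() >= min_similarity:
            reasons.append("subject")  # variation on the same theme
        if reasons:
            hits[location] = reasons
    return hits


def _sample(sender, date, subject, attachment=None):
    """Build one constructed test message and return it as raw text."""
    m = EmailMessage()
    m["From"], m["Date"], m["Subject"] = sender, date, subject
    m.set_content("Please see the attached document.")
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_string()


# Constructed data: the reported message and a small multi-mailbox store.
SEED = _sample("billing@vendor-pay.example", "4 Jun 2018 09:12:00 +0000",
               "Invoice 48213 overdue", ("invoice_48213.doc", b"constructed-payload-A"))
STORE = {
    # carbon copy of the reported message in another inbox
    "alice/INBOX/17": SEED,
    # variation on the theme: new sender, new number, different attachment
    "bob/INBOX/4": _sample("accounts@vendor-pay.example", "5 Jun 2018 14:40:00 +0000",
                           "RE: Invoice 50977 overdue",
                           ("invoice_50977.doc", b"constructed-payload-B")),
    # unrelated lure carrying the same payload under another file name
    "carol/INBOX/9": _sample("noreply@parcel-track.example", "6 Jun 2018 08:03:00 +0000",
                             "Shipping label for your parcel",
                             ("label.doc", b"constructed-payload-A")),
    # benign internal mail from the same day
    "dave/INBOX/2": _sample("hr@corp.example", "4 Jun 2018 11:00:00 +0000",
                            "Team lunch on Friday"),
    # same sender and theme, but a month outside the search window
    "erin/INBOX/30": _sample("billing@vendor-pay.example", "1 May 2018 09:00:00 +0000",
                             "Invoice 11002 overdue"),
}

if __name__ == "__main__":
    for location, reasons in find_campaign(SEED, STORE).items():
        print(location, reasons)
```

A hash match is the strongest signal here; sender-only or subject-only hits are candidates for analyst review before quarantine.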

This is just one of a host of new anti-phishing solutions that can be deployed to help healthcare organizations deal with the threat of phishing. As news breaks of a million-record-plus healthcare phishing attack, advanced phishing solutions are clearly needed to tackle the threat to the confidentiality, integrity, and availability of PHI.

The post Cofense Develops New Phishing-Specific Security Orchestration, Automation and Response Platform appeared first on HIPAA Journal.

Qcentive Controls AWS Costs & Enables Cloud Computing in Healthcare with ParkMyCloud

The Massachusetts-based healthcare startup Qcentive, the developer of a cloud-based platform that helps healthcare companies with the creation and management of value-based contracts, was one of the first companies authorized to move healthcare data to the cloud.

The first-in-class transaction platform has been certified as HIPAA compliant and incorporates appropriate safeguards to ensure the confidentiality, integrity, and availability of ePHI. The company uploads patient and healthcare contract information to AWS, where the data are accessed by the company’s application.

The platform helps its health plan clients and their value-based contracting providers analyze claims data and patient information such as emergency room visits and use the information to quickly calculate potential savings.

While developing the platform, Qcentive uploaded large quantities of patient and claim data to AWS and created AWS resources as necessary, although as many companies discover, AWS costs can quickly mount up. Qcentive tried to find a way to keep its AWS costs under control, starting with rightsizing resources and using Reserved Instances. That resulted in savings of around 30%-40% over their on-demand EC2 costs. However, such a strategy was not ideal, as Reserved Instances require a long-term commitment for non-production instances.

Qcentive was running instances 24/7/365 and was being charged by the minute, even though those resources did not need to be running round the clock and were often underutilized. The company experimented with switching off resources using standard AWS tools and restarting them when needed. However, that tactic lacked flexibility and greater user governance was required.

The firm searched for a tool that allowed automated scheduling of AWS resources and discovered ParkMyCloud. The ParkMyCloud platform allowed Qcentive to run instances 12 hours a day instead of 24, halving the company’s cloud costs.

Using the platform to automate and schedule resources resulted in immediate savings of 20% on its AWS bill, while maintaining flexible access for its end users. Schedules are set on resources with them typically running 12 hours a day Monday to Friday. If access to resources is required outside of the scheduled hours, such as over the weekend, they can be easily switched back on via a mobile app.

Now the firm is placing all AWS instances, databases and auto-scaling groups on a schedule and only turns the instances on when there is a workload to run. Around 40%-50% of its resources are now only running Monday to Friday, resulting in significant savings. The cost of the ParkMyCloud platform is covered through the savings that have been realized, and the firm is now saving far more than was possible using Reserved Instances.

“Reserved Instances look great the day you buy them, but then the first time you have to change the size on something, all of the sudden you’ve got Reserved Instances that you’re not using anymore. With ParkMyCloud that never happens. It’s all savings,” said Bill Gullicksen, Director of IT, Qcentive.

Vulnerabilities Identified in Medtronic MyCareLink Heart Monitors

ICS-CERT has issued an advisory about two recently discovered vulnerabilities in Medtronic MyCareLink patient monitors.

The devices are used by patients with implantable cardiac devices to transmit their heart rhythm data directly to their clinicians. While the devices have safeguards in place and transmit information over a secure Internet connection, the vulnerabilities could potentially be exploited by a malicious actor to gain privileged access to the operating system of the devices.

The vulnerabilities – a hard-coded password vulnerability (CWE-259 / CVE-2018-8870) and an exposed dangerous method or function (CWE-749 / CVE-2018-8868) vulnerability – exist in all versions of 24950 and 24952 MyCareLink Monitors.

The former has been assigned a CVSS v3 score of 6.4 and the latter a CVSS v3 score of 6.2. The vulnerabilities were discovered by security researcher Peter Morgan of Clever Security, who reported the issues to NCCIC.

Exploitation of the hard-coded password vulnerability would require physical access to the device. After removing the case, an individual could connect to the debug port and use the hard-coded password to gain access to the operating system.

Debug code in the device is used to test functionality of the communications interfaces, including the interface between the monitor and the implanted cardiac device. After using the hard-coded password, an attacker could gain access to the debug function and read and write arbitrary memory values, provided that individual is in close proximity to the patient with the implanted cardiac device.

While exploitation of the vulnerabilities is possible, Medtronic has determined that the risks are ‘controlled’, i.e., there is a sufficiently low and acceptable risk of patient harm. An attacker would need physical access to the monitor and have to be in close proximity to the patient at the same time. It is not possible to exploit the vulnerabilities remotely.

Medtronic is implementing mitigations and will be issuing automatic software updates to prevent exploitation of the vulnerabilities. The updates are being rolled out as part of its standard update process. Medtronic notes there have been no reported cases of the vulnerabilities being exploited.

Patients can reduce the risk of exploitation of these vulnerabilities by maintaining sound physical controls to prevent unauthorized access to their patient monitor. Medtronic has pointed out that the use of secondhand MyCareLink patient monitors or those obtained from unofficial sources carries a much higher risk of exploitation of the above vulnerabilities. Patients should only use MyCareLink patient monitors that have been obtained directly from Medtronic or their clinicians. Any concerning behavior of patients’ home monitors should be reported to their healthcare providers or Medtronic.

Advisory Issued After 8 Vulnerabilities Discovered in Natus Xltek NeuroWorks Software

ICS-CERT has issued an advisory following the discovery of eight vulnerabilities in version 8 of Natus Xltek NeuroWorks software used in Natus Xltek EEG medical products.

If the vulnerabilities are successfully exploited they could allow a malicious actor to crash a vulnerable device or trigger a buffer overflow condition that would allow remote code execution.

All eight vulnerabilities have been assigned a CVSS v3 score above 7.0 and are rated high. Three of the vulnerabilities – tracked as CVE-2017-2853, CVE-2017-2868, and CVE-2017-2869 – have been assigned a CVSS v3 base score of 10, the highest possible score. CVE-2017-2867 has been assigned a base score of 9.0, with the other four vulnerabilities – CVE-2017-2852, CVE-2017-2858, CVE-2017-2860, and CVE-2017-2861 – given a rating of 7.5. The vulnerabilities are a combination of stack-based buffer overflow and out-of-bounds read vulnerabilities.

CVE-2017-2853 would allow an attacker to cause a buffer overflow by sending a specially crafted packet to an affected product while the product attempts to open a file requested by the client.

CVE-2017-2868 and CVE-2017-2869 relate to flaws in how the program parses data structures. Exploitation would allow an attacker to trigger a buffer overflow and execute arbitrary code, allowing the attacker to take full control of the affected system.

The vulnerabilities were discovered by security researcher Cory Duplantis from Cisco Talos who reported them to Natus. Natus took immediate action and has now released an updated version of its software which corrects all of the flaws.

To date there have been no reported instances of the vulnerabilities being exploited in the wild, and no public exploits for the vulnerabilities are known. Natus recommends that all users of the vulnerable software update to NeuroWorks/SleepWorks 8.5 GMA 3 as soon as possible.

The update is available free of charge for users of NeuroWorks/SleepWorks Version 8.0, 8.1, 8.4, or 8.5. The Natus Neuro technical support department should be contacted for further information.

In addition to updating to the latest version of the software, organizations can take further steps to limit the potential for zero-day vulnerabilities to be exploited.

The National Cybersecurity & Communications Integration Center (NCCIC) recommends minimizing network exposure for all control systems and devices and ensuring they are not accessible over the Internet. Control systems and remote devices should be located behind firewalls and should be isolated from the business network. If remote access is necessary, secure methods should be used to connect, such as Virtual Private Networks (VPNs), which should be kept up to date.

CSO Online Rates Cofense Triage One of Best Security Software Solutions of 2018

Cofense Triage, the phishing incident response platform, has been included in CSO Online’s list of the best security software solutions of 2018.

To produce the list, CSO Online conducted independent reviews of a wide range of software solutions. Strict review methodologies were used to select the best security products currently on the market. Each product was researched to find out how it worked, how the solution could be deployed in customer environments, the benefits it provided, and the major problems that the solution resolved.

The review was based on the top technology areas for security identified by Gartner, which included cloud workload protection platforms, remote browsers, deception technologies, endpoint detection and response platforms, network traffic analysis solutions, managed detection and response services, microsegmentation solutions, cloud access security brokers, OSS security scanning services for DevSecOps, and container security.

CSO Online tested all security solutions in a dedicated lab environment, with each tested, where appropriate, against some of the most dangerous threats faced by businesses.

CSO Online selected 12 top vendors – one in each category – with Cofense Triage selected as the best security software solution in the phishing defense category. CSO Online explained that Cofense Triage is still evolving, but even in its current form it is one of the most advanced defenses businesses can implement to protect them from phishing attacks.

Cofense Triage is deployed as an on-premises virtual appliance that connects with corporate email programs and helps companies manage reports from employees of suspected phishing attempts and phishing attacks in progress.

Secure email gateways and anti-spam solutions are essential, but they fail to block all phishing threats. Many malicious emails make it past those perimeter defenses and are delivered to end users’ inboxes.

Security awareness training – also provided by Cofense – helps employees recognize phishing threats. A one-click phishing email reporting solution – such as Cofense Reporter – allows employees to quickly send suspicious emails to their security teams. Managing those emails can be difficult and time consuming, which is where Cofense Triage helps. Through a combination of human intelligence and machine learning, the solution helps security teams quickly separate the wheat from the chaff and concentrate on the real phishing attempts rather than wasting time on false positives.

Cofense notes that typically only 10% of reported emails are malicious in nature. Security teams often spend a considerable amount of time assessing the 90% of reported emails that are non-malicious in nature.

“Cofense Triage is crucial for security operations teams to quickly find and disrupt active phishing attacks mere minutes after being reported within their organization. Having Triage recognized as one of this year’s best security software solutions, and the best phishing defense solution, by the technical experts at CSO Online is a true testament to that ability,” said Aaron Higbee, CTO and co-founder of Cofense.

TitanHQ Integrates Web Security into Datto’s Networking Suite

TitanHQ, the leading provider of email and web security solutions for SMBs, has formed a strategic alliance with the networking giant Datto and will be providing its innovative cloud-based web filtering solution to Datto MSPs.

Norwalk, CT-based Datto is primarily a data backup, disaster recovery, and business continuity service provider. The company’s mission is to provide SMBs with the highest quality enterprise-level technology to protect their businesses and networks.

Datto achieves this through its managed service provider (MSP) partners, giving them access to software solutions to ensure their clients are well protected. The company was acquired by Vista Equity Partners in 2017 and merged with New York-based Autotask and now has offices in 21 locations in the United States, Canada, China, Denmark, Netherlands, Germany, Singapore, Australia, and the UK. The company employs more than 1,300 staff and is the world’s leading provider of MSP-delivered IT solutions.

TitanHQ Integrates Web Filtering Solution into Datto’s Networking Range

Galway-based TitanHQ is an award-winning company that provides innovative cloud-based security solutions for SMBs, including SpamTitan – a 100% cloud-based spam filtering solution – and WebTitan – its cloud-based DNS web filtering solution.

The increase in ransomware and phishing attacks has made web filters an important addition to MSPs’ security stacks, allowing them to add an additional level of protection to prevent unauthorized individuals from accessing their healthcare clients’ networks.

WebTitan provides real-time protection from malicious URLs, IPs, and phishing websites and is capable of blocking malware and ransomware downloads by preventing end users from visiting malicious websites. The strategic alliance between Datto and TitanHQ has seen WebTitan Cloud and WebTitan Cloud for Wi-Fi integrated into Datto’s networking range and made available to MSPs.

“We pride ourselves in equipping our community of Managed Service Provider partners with the right products and tools to allow each and every customer to succeed. With that in mind, I’m delighted to welcome TitanHQ as a security partner and look forward to growing our partnership,” said John Tippett, VP, Datto Networking.

At DattoCon 2018, the largest MSP event in the United States, TitanHQ will be demonstrating its web content filtering, email filtering, and email archiving solutions to MSPs. The company will be at booth #66 in the exhibition hall for the entire conference and TitanHQ CEO Ronan Kavanagh, Sales Director Conor Madden, Marketing Director Dryden Geary, and Alliance Manager Eddie Monaghan will all be in attendance.

More than 90% of Hospitals and Physicians Say Mobile Technology is Improving Patient Safety and Outcomes

90% of hospitals and 94% of physicians have adopted mobile technology and say it is helping to improve patient safety and outcomes, according to a recent survey conducted by Black Book Research.

The survey was conducted on 770 hospital-based users and 1,279 physician practices between Q4, 2017 and Q1, 2018.

The survey revealed 96% of hospitals are planning on investing in a new clinical communications platform this year or have already adopted a new, comprehensive communications platform.

85% of surveyed hospitals and 83% of physician practices have already adopted a secure communication platform to improve communications between care teams, patients, and their families. Secure text messaging platforms are fast becoming the number one choice due to the convenience of text messages, the security offered by the platforms, and the improvements they make to productivity and profitability.

98% of hospitals and 77% of physician practices said they have implemented secure, encrypted email and are using intrusion detection systems to ensure breaches are detected rapidly.

Many providers of secure text messaging solutions have developed their platforms specifically for the healthcare industry. The platforms incorporate all the necessary safeguards to meet HIPAA requirements and ensure PHI can be transmitted safely and securely. Text messaging is familiar to almost all employees who are provided access to the platforms and they make communication quick and easy.

However, 63% of respondents to the survey said they are still facing ongoing challenges with buy-in of general mobile adoption strategies and related enterprise technology execution.

30% of respondents said that even though secure methods of communication have been implemented such as encrypted text messaging platforms and secure email, they are still receiving communications on a daily basis from unsecured sources that contain personally identifiable information such as patients’ names and birthdates.

Part of the study involved an assessment of cybersecurity and privacy software and services, allowing the company to identify the vendors that are most highly regarded by customers. TigerText, the market leading provider of secure text messaging solutions for the healthcare industry, was rated highly across the board, as were Vocera, Spok, Doc Halo, and Imprivata.

Doc Halo was the highest rated secure communications platform provider among physician organizations, with Perfect Serve, Patient Safe Solutions, OnPage, Telemediq, and Voalte also scoring highly. Spok ranked highest among hospital systems and inpatient organizations, with Qlik and Cerner also receiving high marks.

“Stakeholders across the healthcare industry are in the quest of finding solutions to use comprehensive real-time data and connectivity cleverly to advance patient safety, productivity and profitability,” said Doug Brown, president of Black Book Market Research. “Organizations are adopting secure text messaging platforms because texts are convenient, as well.”

Apple Launches API for Developers to Allow EHR Data to be Used in Care Management Apps

Apple has launched a new application programming interface (API) for developers that will allow them to create health apps that incorporate patients’ EHR data. Patients who load their EHR data into the Apple Health Records app will be able to pass the information directly to third party apps.

The move allows app developers to create a wide range of apps that can help patients manage their care. The first apps that will be allowed to access EHR data, if permitted by the patient, should be available in the fall to coincide with the release of iOS 12.

One such app that can be used in connection with EHR data through the Apple Health Records app is Medisafe. The Medisafe app will allow patients of participating health systems to download their prescriptions lists and set reminders when their medications need to be taken. The app will also alert them to any potentially harmful interactions between their medications.

Apple suggests apps could be developed to help patients manage their medical conditions. Access to EHR data will allow those apps to provide more accurate and useful recommendations.

Apps that help patients with nutrition could benefit from access to blood sugar readings and cholesterol levels, as could those that provide help with meal planning. The API will also help patients share their health data with researchers far more easily.

Privacy of Protected Health Information

Apple has avoided being classed as a business associate by ensuring no protected health information passes through its servers. If patients decide to download information from their electronic health records into the Apple Health Records app, the information is passed from their provider directly to their iPhone. No protected health information passes through Apple’s servers or is stored by Apple. All EHR data downloaded to the app are stored securely on the device and are encrypted. If the patient decides to allow third-party apps to have access to their data, that information will pass directly from their iPhone to the third-party app.

Patients who use the Apple Health Records App to view or store information taken from their EHRs should bear in mind that while data are secure on their device, that may not be the case with third-party apps.

While EHR data is subject to HIPAA laws and must be secured by patients’ healthcare providers, if the information is downloaded and provided to a third party, HIPAA Rules will not apply to any transferred data.

Patients should therefore carefully check the terms and conditions and privacy protections of any third-party app developer before passing their health data to a third-party app.

Any developers that decide to take advantage of the new Health Records API should ensure privacy and security are built into the core of the design of their apps. While app developers may not be bound by HIPAA requirements, the information provided to the apps is highly sensitive and appropriate security controls should be applied to ensure it remains confidential.

Warnings Issued Over Vulnerable Medical Devices

Warnings have been issued by the Department of Homeland Security’s (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) about vulnerabilities in several medical devices manufactured by Silex Technology, GE Healthcare, and Philips. If the vulnerabilities were to be exploited, an unauthorized individual could potentially take control of the devices.

Philips Brilliance CT Scanners

In early May, Philips alerted the National Cybersecurity and Communications Integration Center (NCCIC) about security vulnerabilities affecting its Brilliance CT scanners. Philips has been working to remediate the vulnerabilities and has been working with DHS to alert users of its devices to help them reduce risk. There have been no reports received to suggest any of the vulnerabilities have been exploited in the wild.

Three vulnerabilities have been discovered to affect the following scanners:

  • Brilliance 64 version 2.6.2 and below
  • Brilliance iCT versions 4.1.6 and below
  • Brilliance iCT SP versions 3.2.4 and below
  • Brilliance CT Big Bore 2.3.5 and below

See ICS-CERT advisory (ICSMA-18-123-01).

The Brilliance CT scanners operate user functions within a contained kiosk environment in the Windows OS. The vulnerability – CVE-2018-8853 – could be exploited to allow an unauthorized individual or kiosk application user to gain unauthorized elevated privileges and access to unauthorized resources from the underlying Windows OS.

CVE-2018-8861 is a vulnerability in the Brilliance CT kiosk environment which could be exploited to allow an unauthorized attacker or limited access kiosk user to break out of the containment of the kiosk environment, gain elevated privileges from the underlying Windows OS, and access resources from the operating system.

CVE-2018-8857 is a vulnerability associated with hard-coded credentials used for inbound authentication and outbound communication. Those credentials could be compromised, allowing access to the system to be gained.

CVE-2018-8853 and CVE-2018-8861 both have a CVSS v3 base score of 6.1, while CVE-2018-8857 has a CVSS v3 base score of 8.4.

The vulnerabilities cannot be exploited remotely and require user interaction. According to a statement issued by Philips, “An attacker would need local access to the kiosk environment of the medical device to be able to implement the exploit.” If exploited, the attacker could execute commands with elevated privileges and gain access to “restricted system resources and information.” The vulnerability would require a low level of skill to exploit.

The vulnerabilities are considered low-risk, but under the company’s responsible disclosure policy, an advisory was issued to alert users to the risk and provide information to reduce risk to a minimal level.

Philips recommends only using Brilliance CT products within the specifications authorized by Philips, such as only using Philips-approved software, system services, and security configurations. Physical controls should also be implemented to limit access to the devices.

Philips has taken action by remediating hard-coded credentials for its Brilliance iCT 4.x system and later versions and will continue to assess further options for remediating the vulnerabilities.

Silex SX-500, SD-320AN Wireless and GE Healthcare MobileLink

Two vulnerabilities have been discovered to affect certain Silex Technology products and GE Healthcare MobileLink technology. The vulnerabilities, tracked as CVE-2018-6020 and CVE-2018-6021, have been assigned a CVSS v3 rating of 6.5 and 7.4 respectively. See ICS-CERT advisory (ICSMA-18-128-01).

The following products are susceptible to one or both of the vulnerabilities:

GEH-500 (V 1.54 and earlier), SX-500 (all versions), GEH-SD-320AN (V GEH-1.1 and earlier), and SD-320AN (V 2.01 and earlier). The following GE MAC Resting ECG analysis systems may use vulnerable MobileLink Technology: MAC 3500, MAC 5000 (E.O.L 2012), MAC 5500 and MAC 5500 HD.

The vulnerabilities would require a low level of skill to exploit and could allow an unauthorized individual to modify system settings and remotely execute code. ICS-CERT notes that public exploits for the vulnerabilities are available.

CVE-2018-6020 concerns a lack of verification of authentication when making certain POST requests, which could allow the modification of system settings. CVE-2018-6021 concerns an improperly sanitized system call parameter, which could allow remote code execution.

The following recommendations have been made by Silex/GE Healthcare:

To mitigate CVE-2018-6020 on GE MobileLink/SX-500, users should enable the ‘update’ account within the web interface, as this is not enabled by default. To prevent changes to device configuration, users should set a secondary password for the ‘update’ account.

Silex Technology and GE Healthcare have produced updated firmware to resolve the CVE-2018-6021 vulnerability for GE MobileLink/GEH-SD-320AN, which will be available for download from May 31, 2018 once testing has been completed.

NCCIC suggests users should minimize network exposure for control system devices and/or systems to ensure they cannot be accessed over the Internet. All control systems and remote devices should be located behind firewalls and isolated from business networks. If remote access is required, a VPN should be used.

NCCIC has advised users to conduct an impact analysis and risk assessment prior to any attempt to mitigate the vulnerabilities.
