WWRS Philippines secures ISO/IEC 27001 and HIPAA certifications – Daily Tribune
Bill Seeks HIPAA-Like Protections for Consumer Health Data – Bank Info Security
Cybersecurity Should Be Viewed as a Strategic Enabler of the Business – The HIPAA Journal
Cybersecurity Should Be Viewed as a Strategic Enabler of the Business
The US Healthcare Cyber Resilience Survey from EY and KLAS Research has revealed that more than 7 out of 10 healthcare organizations have experienced significant business disruption due to cyberattacks in the past two years.
The survey was conducted among 100 healthcare executives responsible for cybersecurity decisions within their organization. On average, organizations experienced five different cyber threats in the past year, the most common of which was phishing, experienced by 77% of organizations. The next most commonly encountered threats were third-party breaches (74%), malware (62%), data breaches (47%), and ransomware (45%). Only 3% of respondents reported not experiencing any cyber threats in the past year.
These cyber incidents are having a considerable impact on patient care and business operations. 72% of respondents reported that their organization experienced a moderate to severe financial impact due to cyberattacks in the past two years, 60% reported a moderate to severe operational impact, and 59% reported a moderate to severe clinical impact.
In healthcare, cybersecurity is often viewed as a set of defensive measures to protect against cyber threats and ensure compliance, but cybersecurity should be elevated to an organizational priority. Cyberattacks have a significant impact on patient care and business operations, damaging the organization’s reputation and affecting its bottom line. Healthcare organizations that make cybersecurity an organizational priority find that it creates value and helps them deliver better outcomes.
Cybersecurity investment should be aligned with outcomes such as reduced downtime, improved patient safety, and financial stability, and the survey suggests that CISOs are getting better at communicating this to the C-suite. When the cost of cybersecurity investment is compared to the cost of an outage to patient care and revenue, funds are often provided. The survey suggests that the main challenge is not getting the company to invest in cybersecurity, but sustaining the financial commitment over time, especially when budgets tighten or priorities shift. It can be especially hard to maintain that commitment when, after investing in cybersecurity, the organization continues to experience moderate to severe cyber events.
“Cyber needs to be a shared responsibility across the organization and the health ecosystem,” explained EY and KLAS in the report. “In a time of tight budgets, cutting cyber investments can leave health organizations more vulnerable and ultimately lead to higher costs. Health executives must pivot from viewing cyber as a cost center to a strategic enabler of the business.”
The problem faced by many organizations is competing organizational priorities and tight budgets, which were cited as a problem by two-thirds of respondents. Other challenges affecting healthcare organizations include a rapidly changing threat landscape, AI-driven threats, third-party risk management, and the difficulty of recruiting and retaining cybersecurity talent.
One of the main takeaways from the report is the importance of viewing cybersecurity as more than a set of technical and administrative safeguards to achieve compliance. Cybersecurity needs to be viewed as a value creator that is critical to the success of other business needs, be that improved patient outcomes, geographical expansion, or smart care models. “When cyber is integrated into care delivery and operational and business strategy, it becomes more than compliance. It serves as a catalyst for trust, transformation, long-term resilience, and care delivery that is future-proof,” suggest EY and KLAS.
Willis-Knighton Medical Center Settles Website Tracking Technology Lawsuit
A settlement has been agreed to resolve a class action lawsuit against the Louisiana health system, Willis-Knighton Medical Center. The litigation stems from the use of tracking technologies on its public-facing website.
Several lawsuits were filed against Willis-Knighton Medical Center over the use of tracking tools on its website and patient portal, which are alleged to have caused unauthorized transmissions of personally identifiable, non-public information to third parties such as Google and Facebook. The lawsuits were consolidated in a single action – Jacqueline Horton, et al. v. Willis-Knighton Medical Center – which was heard in the 10th Judicial District Court for Natchitoches Parish in Louisiana.
Tracking technologies such as pixels are extensively used on the Internet, including by many healthcare providers. The problem is that these tools may collect sensitive data from website visitors, including information classed as protected health information under HIPAA. That information may be transmitted to third parties unauthorized to receive the information. One study found that more than 99% of hospitals had added these tools to their websites.
Willis-Knighton Medical Center denies the allegation and specifically denies that any medical information from its website or patient portal was shared with Facebook or Google; however, to avoid the cost and distraction of continuing with the litigation, and the uncertain outcome of a trial, the decision was taken to settle the litigation.
Under the terms of the settlement, class members are entitled to one year of CyEx Privacy Shield Pro, a privacy protection product, and may also claim a cash payment. The cash payments differ depending on the subclass. Individuals who used the “request an appointment” feature may claim a cash payment of $25, members of the InteliChart settlement class may claim a cash payment of $38, and members of the Medtech settlement class may claim a cash payment of $15.
Willis-Knighton Medical Center has also agreed not to use 16 specified digital analytics tools on its website and patient portal for a period of two years from the date of final approval of the settlement. The list includes Google DoubleClick, Google Ads, Meta, Amazon, TikTok, Pinterest, and TheTradeDesk.
The deadline for objection to and exclusion from the settlement is November 18, 2025. Claims must be submitted by December 18, 2025, and the final approval hearing has been scheduled for January 22, 2026.
The post Willis-Knighton Medical Center Settles Website Tracking Technology Lawsuit appeared first on The HIPAA Journal.