Home » CTEK in the News » What To Do When Vendors Fail

× Share this Article

Facebook
Twitter
Email
LinkedIn

What To Do When Vendors Fail

May 14, 2020

Share this Article
Facebook
Twitter
Email
LinkedIn

NRC Health, a software and patient satisfaction survey provider holding data from more than 25 million patients

NRC Health, a software and patient satisfaction survey provider holding data from more than 25 million patients, was locked out of its computer system in February because of a ransomware attack. When a breach like this occurs, the fault (at least in the eyes of the federal Office for Civil Rights [OCR]) tends to land on the vendor’s shoulders. But this is not always the case.

David Holtzman, Executive Advisor at CynergisTek, contributes this article, which focuses on on how healthcare providers deal with the security of their vendors, as well as HIPAA requirements/suggestions.

Click here to read the full story.

The CyberWire Daily Podcast - Episode 1093

Cyberwire’s latest podcast features Caleb Barlow as he discusses if GDPR may have unintended consequences f...

Ransomware Attackers Exfiltrate Data From Magellan Health

Magellan Health, a U.S. managed care company that focuses on specialty areas of healthcare, says it was hit...

Most Recent Articles

Health Entities Should Vet Risks of ChatGPT Use

Jon Moore considers how healthcare entities should address patient data risks when clinicians use ChatGPT or similar AI tools

Change, Opportunities, and Threats: Healthcare Innovation's State of the Industry Survey

This article shares some of the highlight results from Healthcare Innovation's annual survey, with analysis of the results by industry leaders and observers.

Analysis: Third-Party Health Data Breaches Dominated in 2022

Hacking and business associate incidents dominated in 2022, foreshadowing the top risks and threats that will impact healthcare and their vendors this year

2023 Predictions From Health Executives

Jon Moore shares his predictions for 2023 cybersecurity supply chain risk

Healthcare’s Digitization: Coming to Terms with Cybersecurity Supply Chain Risk

Jon Moore discusses cybersecurity supply chain risk and the actions that organizations should take in order to properly implement and prepare for new technology.

Healthcare Executives Make Predictions for 2023

Dave Bailey shares 2023 predictions in healthcare cybersecurity including ransomware, supply chain, and medical device threats.

‘Out of control’: Dozens of telehealth startups sent sensitive health information to big tech companies

A joint investigation by STAT and The Markup of 50 direct-to-consumer telehealth companies found Virtual care websites were leaking sensitive information to the world’s largest advertising platforms.

Community Health Network reports online tracking data breach affecting 1.5 million

The provider says pixels used to collect information about website users may have transferred certain types of patient information since 2017.

OCR Outlines Proper Use of Tracking Tech to Maintain HIPAA Compliance

Andrew Mahler discusses recent OCR bulletin outlining how organizations using tracking tech like Meta Pixel should pay close attention to whether PHI is being handled in accordance with HIPAA.

HHS: Web Trackers in Patient Portals Violate HIPAA

Andrew Mahler discusses the recent HHS warning on the use of tracking code in many healthcare websites and portals could be violating HIPAA privacy regulations.

New Healthcare Privacy Challenges as Online Data Tracking, Sharing Methods Evolve

Andrew Mahler, former OCR investigator shares his expertise on new privacy laws and challenges and best practices healthcare, and how they may have added salience in a post-Dobbs decision world.

Anesthesiology Services Firm Faces 5 Class Action Lawsuits

Clearwater's Jon Moore Jon Moore considers several lessons emerging from the Somnia case related to vendor security.

Healthcare’s Pixel problem: Meta-based marketing projects spur privacy questions

Andrew Mahler discusses the idea that providers now need to think outside of routine types of patient information disclosures.

Hospitals must do more to improve cybersecurity | HLTH Conference

Health systems have made progress, but they still have a long way to go, says Clearwater CEO Steve Cagle. Hospital executives must drive change from the top.

A Cybersecurity CEO's Take on Mitigating Cyber Risk & Preparing for a Healthcare Ransomware Attack

Healthcare Sector Urged to Address OpenSSL Flaws

Healthcare organizations should be ready to find and patch instances of OpenSSL 3.0, warn cybersecurity experts.

Cybersecurity Awareness Throughout the Technical Supply Chain

Healthcare security experts are offering their two cents on the technical supply chain as part of a cybersecurity awareness month campaign

Outdated Medical Devices are an Enterprise Problem

Ben Denkers discusses the industry alert issued in September 2022 from the FBI regarding unpatched and outdated medical devices that are vulnerable to cyberattacks

Healthcare Security Insights and Perspectives from Mac McMillan

Mac McMillan discusses the impacts and cost of disruption at the latest HCP Fall Conference.

Cybersecurity Awareness and Enabling Multi-Factor Authentication

Healthcare security experts are offering their two cents on enabling multi-factor authentication as part of a cybersecurity awareness month campaign

Return to Home

Insights Center

What To Do When Vendors Fail

Previous Article

Next Article