Top Stories
HITRUST e1 Certification Use Cases
With the introduction of the new HITRUST e1 Certification, we are taking a look at some specific use cases for this new, simpler HITRUST certification:
- In the Marketplace,
- As a Stepping Stone,
- For Third-Party Risk Management, and
- For Other Business Purposes.

FBI Disrupts ‘Hive’ Ransomware Group - WSJ
U.S. authorities seized the servers of the notorious ransomware group that often targeted hospitals and captured keys to decrypt its software. “We hacked the hackers,” the Justice Department said.

Breaches

CommonSpirit Facing 2 Proposed Class Actions Post-Breach
CommonSpirit negligently failed to protect sensitive health information, resulting in a data compromise affecting more than 623,000 patients - and perhaps many more, allege plaintiffs in two proposed federal class action lawsuits filed in the aftermath of the hospital chain's 2022 ransomware attack.

Logan Health agrees to $4.3M settlement after 2021 health data breach | SC Media
Logan Health Medical Center has reached a $4.3 million settlement with the 213,543 patients and employees whose personal and protected health information was likely accessed during a Nov. 22, 2021, cyberattack.

Annual Data Breach Report - ITRC
In 2022, U.S. organizations issued 1,802 data breach notifications, reporting the exposure of records or personal information affecting more than 400 million individuals, the Identity Theft Resource Center reports.

Security

Why Healthcare Orgs Must Prioritize 3rd-Party Risk Management
The good news is that there are guidelines to explain how healthcare organizations should manage third parties. The two principal guidelines are the Health Insurance Portability and Accountability Act and the Health Insurance Trust Alliance.

NIST Releases Potential Updates to Its Cybersecurity Framework - Nextgov
The National Institute of Standards and Technology announced its intent to make new revisions to its Cybersecurity Framework document, with an emphasis on cyberdefense inclusivity across all economic sectors.

T-Mobile Breach Highlights Common Corporate Security Weakness - WSJ
The data breach of about 37 million T-Mobile US Inc. customers occurred through an attack on an API, or application programming interface, highlighting a risk facing many businesses.

Privacy

Controller guidance | ICO
The U.K. Information Commissioner's Office published updated guidance for using binding corporate rules as a data transfer mechanism. The updates are geared toward a "simplified" approach for controllers and processors with the ICO noting it will "only request supporting documents and commitments once during the U.K. approval process."