Top Stories
Health3PT Unveils First Actions to Address Third-Party Risk Management
By undergoing a HITRUST Assessment, vendors can more effectively demonstrate their dedication to security and compliance. This offers a notable advantage for vendors seeking contracts with healthcare organizations, giving them a competitive edge over those without the certification. Furthermore, it helps ensure that all vendors adhere to the same high standards, decreasing the chances of data breaches and other security incidents.
HITRUST Completes Compliance Reporting Pilot in Support of Microsoft’s Global Healthcare Compliance Scale Initiative - HITRUST Alliance
Healthcare compliance concerns often impede solution adoption globally. HITRUST will make available a HIPAA Compliance Insights Report to HITRUST customers who complete assessments using versions 9.5 and later of the HITRUST CSF. It also identifies compliance requirements that are met by Microsoft and partners through shared responsibilities and inheritance, and any remaining requirements that are the healthcare organization’s responsibility. This helps alleviate compliance concerns and accelerate healthcare solution adoption.
Breaches
Medtronic Reports InPen Mobile Diabetic App Tracking Breach
Diabetic patients who used a Medtronic smartphone app for managing insulin levels are being told that Google may have collected certain personal information through the sign-in infrastructure.
New England Health Plan Still Recovering From Attack
A health insurer to 2.2 million New Englanders is struggling to recover after it identified a ransomware attack 10 days ago that forced it to take many of its IT systems and functions offline.
CA Health Plan Reports Data Breach Tied to Fortra GoAnywhere Hack
California-based Santa Clara Health Plan (SCHP) reported a breach tied to a known vulnerability in Fortra’s GoAnywhere managed file transfer (MFT) solution that impacted 276,993 individuals.
Excel File Exposed to Internet at CA Health System
“The excel file contained names, facility information, patient room numbers, diagnosis/condition information, and dates.”
Ex-Methodist Staff Plead Guilty to Illegal PHI Exposure in HIPAA Violation Case
Several ex-Methodist Hospital workers admitted to violating HIPAA regulations by unlawfully exposing PHI of motor vehicle accident victims to third parties, such as injury lawyers and chiropractors.
Security
Microsoft: Windows 10 22H2 is the final version of Windows 10
Microsoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system.
Google Debuts Cybersecurity-Focused AI System - WSJ
Google’s cloud unit has launched a platform integrating its threat intelligence and cybersecurity operations services with generative artificial intelligence.
Privacy
6 Plead Guilty in Criminal HIPAA Scheme at Health Entity
Six individuals - including five former employees of a Tennessee healthcare organization - pleaded guilty to criminal HIPAA violations in an alleged scheme involving the sale of motor vehicle accident patient information to third parties.
Montana, Tennessee comprehensive privacy bills clear legislatures
Montana Senate Bill 384 aligns exclusively with the Connecticut Data Privacy Act after surprise amendments during the cross-chamber process. Tennessee's bill brings the most unique provisions, including enforcement that hinges on adoption of the U.S. National Institute of Standards and Technology's Privacy Framework.
Europe
Hacked therapy centre's ex-CEO gets 3-month suspended sentence | News | Yle Uutiset
The court found the ex-CEO of Vastaamo, Ville Tapio, guilty of a data protection crime because he did not fulfil General Data Protection Regulation (GDPR) requirements, in terms of the pseudonymisation and encryption of patient data handled by the center
Authentication Vendor Yubico to Go Public at $800M Valuation
Hardware-based authentication vendor Yubico plans to go public at an $800 million valuation by merging with a special purpose acquisition company.
Misc
OpenAI improves ChatGPT privacy with new data controls | Engadget
OpenAI is tightening up ChatGPT’s privacy controls. The company announced today that the AI chatbot’s users can now turn off their chat histories, preventing their input from being used for training data.