Top Stories
New Calculators Add Transparency and Ease-of-Use to HITRUST Assessment Scoring, Inheritance Math, and Sampling
The new HITRUST Requirement Scoring Calculator lets you explore different scoring scenarios for a single requirement across all HITRUST assessment types, including the i1 and bC Assessments. It supports both the current and legacy control maturity weights, and allows measured and managed to be optionally excluded for r2, custom, and targeted assessments. Its logic is up-to-date on HITRUST Assurance Program Advisories and is reflective of requirement-level scoring in MyCSF.
Amazon to Acquire One Medical Clinics in $3.9 Billion Deal - The New York Times
The $3.9 billion deal is Amazon’s latest acquisition in the health care industry. In 2018, it acquired PillPack, an online pharmacy.
Breaches
Health Sector Suffered 337 Healthcare Data Breaches in First Half of Year
The HHS Office for Civil Rights data breach portal showed that there have been 337 healthcare data breaches impacting more than 500 individuals each in the first half of this year, signifying a slight decrease from 368 at this time last year.
Tenet Health cyberattack, monthlong outage led to $100M in 'unfavorable impact'
The April “cybersecurity incident” that led to several weeks of downtime and service delays at Tenet Healthcare facilities caused $100 million in unfavorable impact. The hefty price tag was brought on by lost revenues from interruptions to business operations and remediation.
Security
NIST Updates Guidance for Health Care Cybersecurity | NIST
Revised draft publication aims to help organizations comply with HIPAA Security Rule.
CSA Issues Guidance on Third-Party Risk Management in Healthcare
Drafted by the Health Information Management Working Group, the Cloud Security Alliance (CSA) released new guidance on third-party risk management in healthcare.
WHO Rushed In New Security Steps After 2020 Cyberattack - WSJ
Key improvements include multifactor authentication on hundreds of WHO systems that didn’t already have it, and a security operations center to monitor threats around the clock. Another project strengthened email security with a process to eliminate spoofed messages.
US CISA to Set Up Attache Office in London - GovInfoSecurity
The U.S. Cybersecurity and Infrastructure Security Agency is opening a London office in a first step toward boosting its global reach.
Privacy
11 health providers settle HIPAA right of access failures with feds
The Department of Health and Human Services Office for Civil Rights announced settlements with 11 covered entities to resolve claims the providers failed to give patients timely access to their medical records, in violation of the Health Insurance Portability and Accountability Act.
American Data Privacy and Protection Act heads for US House floor
The bill's next act will come on the U.S. House floor after the House Committee on Energy and Commerce markup July 20 resulted in a 53-2 vote to advance the bill to full House consideration. The vote to advance marks the first time a comprehensive privacy bill will be made available for a full chamber vote in either the House or the Senate.
How China's draft SCCs compare with EU SCCs
In general, China’s SCCs share a number of similarities with the EU SCCs, such as requiring both the data exporter and the overseas recipient to take measures to ensure the security of the transferred personal information and providing third-party beneficiary rights to data subjects.
EU Commission Sued Over Alleged Transatlantic Data Breach to the US
The lawsuit—now admitted by the General Court of the European Union (EGC)—alleges the use of Amazon Web Services, the use of Facebook login on a Commission website, and an incomplete and omitted disclosure to the EU citizens.
Data adequacy agreement in principle between the UK and Republic of Korea - GOV.UK
South Korea and the U.K. reached an "adequacy agreement in principle" for cross-border data sharing.