Health IT Privacy & Security

Articles and education for healthcare professionals on best practices and guidelines for health IT privacy & security.

OCR Guidance on Ensuring Equal Access to Emergency Services During Hurricane Florence

Nathan E Botts

Official guidance from the Office for Civil Rights

As Hurricane Florence makes landfall, the HHS Office for Civil Rights (OCR) and its federal partners remain in close coordination to help ensure that emergency officials effectively address the needs of at-risk populations as part of disaster response. If you believe that a person or organization covered by the Privacy and Security Rules (a "covered entity") violated your health information privacy rights or otherwise violated the Privacy or Security Rules, you may file a complaint with OCR. For additional information about how to file a complaint, visit OCR's web page on filing complaints at http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html.

Everything you need to know about the WannaCry / Wcry / WannaCrypt ransomware

Nathan E Botts

I woke up to a flood of news about ransomware today. By virtue of being down here in Australia, a lot happens in business hours around the world while we're sleeping but conversely, that's given me some time to collate information whilst everyone else is taking a break. The WannaCry incident is both new and scary in some ways and more of the same old stuff in others. Here's what I know and what the masses out there need to understand about this and indeed about ransomware in general.

Ransomware Fact Sheet

Nathan E Botts

Guidance from the U.S. Department of Human Services

From the HHS Ransomware Fact Sheet:

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).1 Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data.
