As ransomware attacks and phishing attempts persist in the age of the coronavirus (COVID-19), healthcare organizations have correctly poured many resources into combatting these attacks. However, as always, cybercriminals are finding new ways to access protected health information (PHI).
Q: Do companies such as Fitbit (and others that sell wearable devices that track and store health information) need to abide by HIPAA regulations? Should I be concerned with how these companies are viewing and sharing my health information?
Mobile Anesthesiologists, an Illinois-based company offering healthcare services throughout the country, reported a breach in March affecting 65,403 individuals, according to the Office for Civil Rights breach report.
One year into the coronavirus (COVID-19) pandemic, phishing attacks against healthcare organizations remain a chief concern. Threat actors are constantly finding new vulnerabilities to exploit. It’s like a game of whack-a-mole: When healthcare organizations swat away one problem, another pops up.
Q: Are we allowed to use case studies involving real incidents that occurred at our facility as part of our HIPAA training? We’ve always been told that real-life examples will resonate with staff, but wouldn’t this be a HIPAA violation?