CIOs are increasingly incorporating sustainability criteria into their evaluation of potential vendors and IT investments. This shift reflects a broader commitment to sustainability within their organizations. By vetting partners and solutions for green initiatives, CIOs aim to align their technology infrastructure with environmental goals, ensuring that IT practices contribute to broader ecological and corporate social responsibility objectives.

CIOs go green, vet IT investments for sustainability publication

The enforcement of the HIPAA Security Rule is primarily overseen by HHS’ Office for Civil Rights (OCR), although other federal agencies, State Attorneys General, and organizations’ own HIPAA Privacy Officers often play more proactive roles in enforcement actions. OCR investigates a minimal number of breach notifications, typically less than 1%, leading to few enforcement actions. Violations requiring attention by other agencies, like the Department of Justice or HHS’ Office of Inspector General, often involve criminal actions or potential federal program exclusions. State Attorneys General may also impose civil monetary penalties for data breaches. While HIPAA Privacy Officers enforce compliance within organizations, the potential for future indirect enforcement by CMS through federal health program conditions signifies a need for stringent voluntary compliance to avoid penalties and exclusions.

Who is Responsible for Enforcing the HIPAA Security Rule? The HIPAA Journal

State Representative Donni Steele has called for increased penalties for ransomware attacks targeting Michigan hospitals after a cyber attack impacted McLaren's IT and telephone systems. Currently, hacking penalties in Michigan max out at five years in prison, while ransomware possession carries up to three years. Steele argues these punishments are insufficient given the disruptions to critical medical services, such as those experienced by McLaren and Ascension Healthcare in recent months. Both healthcare systems faced significant operational issues due to cyber attacks, with Ascension confirming potential exposure of patient data. Steele is advocating for stronger legislative measures and enhanced law enforcement collaboration to combat these cyber threats effectively.

Lawmaker calls for increased penalties for ransomware attacks against Michigan hospitals The Detroit News

Microsoft has stated that Delta Air Lines' slow recovery from a recent network outage was likely due to outdated technology. The airline experienced significant delays and cancellations, which Microsoft attributes to their reliance on legacy systems that are less resilient to disruptions. This highlights the growing need for companies to modernize their IT infrastructure to improve reliability and response times.

Microsoft Says Delta’s Technology Outdated, Likely Contributed to Slow Recovery The Wall Street Journal