Geisinger has disclosed a data breach involving patient information, stemming from a former employee of its IT vendor, Nuance. The breach has led to both an investigation and an arrest. Although financial data remains unaffected, this incident raises concerns over the security practices of external vendors handling sensitive healthcare information.

Geisinger patient data compromised by IT vendor's ex-employee Becker's Hospital Review

A federal judge in Texas ruled against a 2022 guidance from the Department of Health and Human Services (HHS) that restricted the use of third-party online tracking technologies on hospital websites, siding with the American Hospital Association and other plaintiffs. The HHS had issued this guidance to prevent potential violations of the Health Insurance Portability and Accountability Act (HIPAA) due to patient data exposure through tools like Google Analytics and Meta Pixel. The American Hospital Association argued the guidance was unlawful and hindered hospitals' ability to share information and improve public health. The judge agreed, stating the HHS overstepped its authority and vacated the guidance, allowing hospitals to again utilize these web tracking tools.

HHS policy against hospital web trackers rule unlawful Fierce Healthcare

The upcoming weeks will see the Biden administration release new regulations mandating minimum cybersecurity standards for U.S. hospitals, based on goals set by the Department of Health and Human Services (HHS) earlier this year. These regulations are intended to enhance the healthcare sector's cyber resilience against escalating threats. While initial requirements will target hospitals, there are concerns that focusing only on hospitals overlooks the broader healthcare ecosystem, including insurers and third-party vendors who also face significant cyber threats. The administration is collaborating with sector leaders to balance effective security practices with the financial and operational realities faced by healthcare providers, particularly smaller and resource-limited institutions. Additionally, New York State is independently advancing its own stringent cybersecurity regulations for hospitals, highlighting the critical need to safeguard healthcare infrastructures against cyber threats.

Will Upcoming HHS Cyber Regs Move Needle in Health Sector? bankinfosecurity

The healthcare sector has experienced severe cyberattacks in 2024, highlighting the critical need for robust cybersecurity measures. While advanced tools are tempting, focusing on fundamental security practices like multi-factor authentication (MFA) is essential. Many organizations, including Change Healthcare, have suffered due to neglecting these basics. Comprehensive risk analyses, incident response plans, and continuous workforce training are crucial to safeguarding sensitive health information and maintaining operational resilience. Security leaders must prioritize these foundational elements to effectively mitigate cyber threats and ensure compliance with regulations like HIPAA.

Why security basics are the key in safeguarding data healthdatamanagement