Geisinger Health is investigating a data breach involving a former employee of the IT vendor Nuance who purportedly accessed patient information without authorization. The compromised data includes personal information, though financial data remains unaffected. The investigation has resulted in the arrest of the individual responsible, with Geisinger notifying impacted patients and taking steps to mitigate potential risks.

Geisinger patient data compromised by IT vendor's ex-employee Becker's Hospital Review

Geisinger has disclosed a data breach involving patient information, stemming from a former employee of its IT vendor, Nuance. The breach has led to both an investigation and an arrest. Although financial data remains unaffected, this incident raises concerns over the security practices of external vendors handling sensitive healthcare information.

Geisinger patient data compromised by IT vendor's ex-employee Becker's Hospital Review

A federal judge in Texas ruled against a 2022 guidance from the Department of Health and Human Services (HHS) that restricted the use of third-party online tracking technologies on hospital websites, siding with the American Hospital Association and other plaintiffs. The HHS had issued this guidance to prevent potential violations of the Health Insurance Portability and Accountability Act (HIPAA) due to patient data exposure through tools like Google Analytics and Meta Pixel. The American Hospital Association argued the guidance was unlawful and hindered hospitals' ability to share information and improve public health. The judge agreed, stating the HHS overstepped its authority and vacated the guidance, allowing hospitals to again utilize these web tracking tools.

HHS policy against hospital web trackers rule unlawful Fierce Healthcare

The upcoming weeks will see the Biden administration release new regulations mandating minimum cybersecurity standards for U.S. hospitals, based on goals set by the Department of Health and Human Services (HHS) earlier this year. These regulations are intended to enhance the healthcare sector's cyber resilience against escalating threats. While initial requirements will target hospitals, there are concerns that focusing only on hospitals overlooks the broader healthcare ecosystem, including insurers and third-party vendors who also face significant cyber threats. The administration is collaborating with sector leaders to balance effective security practices with the financial and operational realities faced by healthcare providers, particularly smaller and resource-limited institutions. Additionally, New York State is independently advancing its own stringent cybersecurity regulations for hospitals, highlighting the critical need to safeguard healthcare infrastructures against cyber threats.

Will Upcoming HHS Cyber Regs Move Needle in Health Sector? bankinfosecurity