Security News

As the NHS in England is set to launch a competition for a far-reaching patient data platform, a public consultation has said decisions about health data sharing should not be taken by politicians. A report by England's National Data Guardian, an independent watchdog for health data appointed by the Secretary of State for Health and Social Care, found that in citizen juries consulted on health data, "Very few jurors wanted decisions about the future of these initiatives to be taken by the minister or organization accountable for them. Most believed that an independent body of experts and lay people should assess the data sharing initiatives."

Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. Founded in 1945, Kaiser Permanente provides health care services to over 12.5 million members from 8 U.S. states and Washington, D.C. The company revealed in a notice published on its website that an attacker accessed an employee's email account containing patients' protected health information on April 5, 2022, without authorization.

A report of the European Union Agency for Cybersecurity explores how pseudonymization techniques can help increase the protection of health data. This is especially true since providing health services today implies an extended exchange of medical information and of health data among different healthcare service providers.

Amazon Web Services announced the general availability of Amazon HealthLake, a HIPAA-eligible service for healthcare and life sciences organizations to ingest, store, query, and analyze their health data at scale. Using Amazon HealthLake, organizations can easily move their FHIR-formatted health data from on-premises systems to a secure data lake in the cloud.

News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released. What is known about the data breach at the psychotherapy center?

There are growing privacy concerns among Americans due to COVID-19 with nearly 70 percent citing they would likely sever healthcare provider ties if they found that their personal health data was unprotected, a CynergisTek survey reveals. "As healthcare systems and corporations continue to grapple with data challenges associated with COVID-19 - whether that's more sophisticated, targeted cyber-attacks or the new requirements around interoperability and data sharing, concerns around personal data and consumer awareness of privacy rights will only continue to grow," said Caleb Barlow, president and CEO of CynergisTek.

Contact-tracing applications require employers to collect all kinds of employee health data that they never had to worry about before - temperatures, health symptoms and travel history, for example - and they aren't sure how to use and protect this data in a way that balances health and safety with privacy. To help get you started on the right path, here is a 10-point plan for securing PII, including new employee health data collected through COVID-19 contact-tracing applications and other healthcare tracking systems.

UK government has published the contracts it holds with private tech firms and the NHS for the creation of a COVID-19 data store, just days after campaigners fired legal shots over a lack of transparency. Campaign groups Foxglove and openDemocracy, which brought the action, said that the documents show the tech firms were set to build data models for commercial purposes from NHS training data before being challenged.

Hacking incidents involving email appear to be the most common type of major health data breach being reported to federal regulators so far in 2020. A snapshot Wednesday of the Department of Health and Human Services' HIPAA Breach Reporting Tool shows that so far in 2020, 38 health data breaches affecting a total of about 1.1 million individuals have been added to the official tally.

Under HIPAA, covered entities are required to report breaches impacting protected health information within 60 days of discovering the breach. In its breach notification statement, PIH Health says that on June 18, 2019, it learned that certain PIH Health employee email accounts had potentially been accessed without authorization as a result of a targeted phishing campaign.