Since 1996, the Health Insurance Portability and Accountability Act (HIPAA) has been the cornerstone of patient privacy. The act established standards for how healthcare organizations handle and share patient data, creating a framework for ensuring confidentiality. But the healthcare landscape has transformed dramatically, and with it, the risks have multiplied. Emerging cyber threats and complex vulnerabilities have exposed critical gaps in HIPAA’s protections. In response, lawmakers are advancing new legislation aimed at fortifying healthcare organizations against the escalating tide of cyberattacks. Last year, lawmakers introduced two bills – the Healthcare Cybersecurity Act of 2024 and the Health Infrastructure Security and…
Author: Errol Weiss
Errol Weiss
Errol Weiss, Health-ISAC Chief Security Officer, has over 25 years of experience in Information Security beginning his career with the National Security Agency. He created and ran Citigroup’s Cyber Intelligence Center and was a Senior Vice President Executive with Bank of America’s Global Information Security team.
The global healthcare system has become increasingly integrated with third-party medical suppliers in recent years. These suppliers are vital in providing essential services, medical equipment, pharmaceuticals, and digital tools that healthcare organizations depend on to operate efficiently. However, while these integrations have undeniably enhanced efficiency across the medical supply chain, they have also created new vulnerabilities – vulnerabilities that cybercriminals are exploiting. In the past few months, three critical medical suppliers – OneBlood, Synnovis, and Octapharma – have fallen victim to sophisticated cyberattacks by Russian ransomware groups. These breaches led to widespread disruptions in healthcare services, from delays in blood…
