Vendors and HIPAA – DataBreaches.Net

Matt Fisher of Carium writes:

An important part of establishing strong security for an organization rests with how it interacts with its vendors. The creation of a chain of entities creating, interacting with, storing, or otherwise handling sensitive patient information starts at the top, but can easily and frequently go down many layers. Given the layered approach, every time an organization introduces a new sublayer that organization must keep security as a forefront consideration. The risks associated with vendors not appropriately deploying security measures can be seen with the increasing number of data breaches resulting from an issue at the vendor level. Given that reality, what should or should not happen at each vendor level?

Read some of his down-to-earth advice at The Pulse

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
TX: Kaufman County Faces Cybersecurity Attack: Courthouse Computer Operations Disrupted
Bombay High Court Orders Department of Telecommunications to Block Medusa Accounts After Generali Insurance Data Breach
Cyber-Attack On Bectu’s Parent Union Sparks UK National Security Concerns
Attorney General James Announces Settlement with Wojeski & Company Accounting Firm
JFL Lost Up to $800,000 Weekly After Cyberattack, CEO Says No Patient or Staff Data Was Compromised

Related: