HIPAA Compliance Training Programs
HIPAA compliance training programs are foundational training courses that ensure every member of the workforce understands basic HIPAA provisions to better protect patient information, follow internal policies and procedures, recognize privacy and security risks, and respond appropriately to incidents. The purpose of HIPAA compliance training programs is to fill gaps in workforce knowledge that are attributable to organizations applying the HIPAA training requirements to the letter of the law. For example, the HIPAA Privacy Rule training standard (45 CFR 164.530(b)(1)) states: “A covered entity must train all members of its workforce on policies and procedures […] as necessary and appropriate for the members of the workforce to carry out their functions within the covered entity”. When this requirement is complied with literally, staff may understand the organization’s policies and procedures, but not the underlying principles. This can lead to confusion in new or ambiguous situations, and unintentional violations of HIPAA when the connection between policy and behavior is absent....
Warning Issued About Akira Ransomware as Attacks on Critical Infrastructure Accelerate
A joint cybersecurity advisory has been issued by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense Cyber Crime Center (DC3), Department of Health and Human Services (HHS), and international law enforcement partners about the Akira ransomware group, which has accelerated its attacks on critical infrastructure in recent months. According to the FBI, Akira has been paid more than $244 million in ransoms since the group was first identified in March 2023. While Akira primarily targets small- to medium-sized organizations, the group has also attacked larger organizations, favoring sectors such as manufacturing, education, information technology, healthcare, financial services, and food and agriculture. The group’s tactics are constantly evolving. While the group initially targeted Windows systems, a Linux version of its encryptor has been developed that is used to target VMware Elastic Sky X Integrated (ESXi) virtual machines (VMs), and recently the group has been observed encrypting Nutanix AHV VM disk files....
HIPAA Compliance for Pediatricians
HIPAA compliance for pediatricians means following established privacy and security policies to protect children’s protected health information at every touchpoint, including verifying a parent or guardian’s authority before disclosures, applying the minimum necessary standard in communications with schools and caregivers, safeguarding records across EHRs, portals, and mobile devices, and promptly reporting potential incidents so privacy or security risks are contained quickly. HIPAA compliance for pediatricians is complicated by the provisions of the Privacy Rule relating to personal representatives of unemancipated minors and the data sharing requirements of the 21st Century Cures Act Interoperability Final Rule. Most pediatricians, or the organizations they work for, are Covered Entities under HIPAA if they transmit health information electronically in connection with a transaction for which the Department of Health and Human Services (HHS) has developed standards. These transactions include (but are not limited to): payment and remittance advice, claims status, eligibility...
Which Aspect of HIPAA Most Affects EMS Personnel?
The HIPAA Privacy Rule most affects EMS personnel because field care requires rapid decisions about when protected health information may be used or disclosed for treatment, when disclosures to family, bystanders, and public safety officials are permitted, and how to apply the HIPAA Minimum Necessary Rule while operating in uncontrolled environments. EMS personnel manage protected health information during dispatch, radio traffic, on-scene assessment, transport, and handoff to emergency department staff. The operational pressure point is disclosure control. Patient details can be overheard by neighbors, other patients, media, and law enforcement. EMS personnel need to use reasonable safeguards such as lowering voices when possible, limiting identifiers in public areas, and avoiding disclosures of clinical details to bystanders who are not involved in care. Treatment disclosures usually support EMS operations without patient authorization. Information may be shared with hospitals, other responding units, and receiving facilities to coordinate care. The HIPAA Privacy Rule also...
Urgent Patching Required to Fix Actively Exploited Cisco Flaws
Threat actors are actively exploiting multiple Cisco vulnerabilities for which patches were previously issued in August; however, attacks are ongoing, including attacks on devices that have been improperly patched. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a cybersecurity alert this week about two critical Cisco vulnerabilities – CVE-2025-30333 and CVE-2025-20362 – affecting Cisco Adaptive Security Appliances (ASA) and Firepower devices. The vulnerabilities affect devices running Cisco Secure ASA Software or Cisco Secure FTD Software and have CVSS v3.1 base scores of 9.9 and 9.8. The vulnerabilities can be exploited by sending specially crafted HTTP requests to a vulnerable web server on a device. Cisco issued patches to fix the vulnerabilities in August this year, warning that hackers could exploit the flaws to execute commands at a high privilege level. The flaws allow threat actors to access restricted URL endpoints that should be inaccessible without authentication. By exploiting the flaws, attackers can execute code on vulnerable devices. If the...



