Paubox Weekly: Investigation reveals pharmacies release medical information to police without warrants

Hello world,

Today’s Paubox Weekly is 525 words - a 2 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

1. Investigation reveals pharmacies release medical information to police without warrants

According to a letter released by Congress, no surveyed pharmacies require a warrant to share pharmacy records with law enforcement.

Why it matters: Records are often shared between states, and with abortion bans, law enforcement could seek pharmacy records to determine if someone received reproductive care in a different state.

Amazon is the only company that notifies customers

2. What is spear phishing?

While phishing attacks are broad, spear phishing attacks are highly targeted and personalized. They involve extensive research on the intended target, making the emails appear more legitimate.

In the know: Spear phishing emails often create a sense of urgency, pressuring the recipient to take immediate action.

Cybercriminals follow a series of steps

3. HHS finalizes HTI-1 rule setting interoperability and transparency standards

One of the critical elements of this final rule is the establishment of first-of-its-kind transparency requirements for AI and predictive algorithms in certified health IT.

Why it matters: The rule's changes are designed to improve information sharing and provide insights into the use of certified health IT in care delivery.

The central aspects of the final rule

4. Norton Healthcare provides notice of breach impacting 2.5 million

Norton Healthcare, Inc., a Kentucky-based health system, recently confirmed a major ransomware attack that impacted 2.5 million individuals.

What happened: The attack led to delays in network-related actions and longer wait times. Norton stated they did not make a ransom payment following the incident.

A class action lawsuit has been filed

5. The four pillars of security awareness

Security awareness revolves around understanding and adherence to various security practices and policies to safeguard against threats.

Going deeper: Security awareness is built upon four essential pillars: Security reminders, protection from malicious software, log-in monitoring, and password management.

A proactive approach to security

Community links

• HIPAA compliance for occupational therapists. Link
  
• What is an impersonation attack? Link
  
• What is a watering hole attack? Link
  
• The benefits of HIPAA compliant accounting software. Link
  
• Are pharmaceutical companies covered entities? Link
  
• The elements of a good disaster recovery plan. Link
  
• What triggers a HIPAA audit? Link
  
• What is the threat intelligence lifecycle? Link
  
• The difference between eHealth and mHealth. Link
  
• When can confidentiality be broken? Link
  

November HIPAA Breach Report

• Other breaches affected the most people in October. 2,364,359 individuals had their data breached.
• Network server breaches were the second most common breach, with 1,152,858 people affected.
• Email breaches affected 11,023 people, the third most common breach type.

Read the full Breach report

Good reads from around the web

• Microsoft disrupts cybercrime gang behind 750 million fraudulent accounts. Link
• White House gets pledges from big healthcare players on AI safety and ethics. Link
• Unveiling the future of healthcare mergers and acquisitions. Link
• AI-driven WiFi monitoring will continue to improve HIPAA compliance assurance. Link
• The 10 biggest cyber security trends in 2024 everyone must be ready for now. Link