Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

Is Google Analytics 4 HIPAA-Compliant? A 2025 Guide for Healthcare CISOs on Privacy Risks and Safer Alternatives

Jul 2, 2025 By Feroot In Feroot
Google Analytics 4 (GA4) is not designed to comply with HIPAA — and using it on healthcare websites may expose Protected Health Information (PHI) to third parties.
Read Post
How Computers Help in Hospitals: EHR Design

How Computers Help in Hospitals: EHR Design

Jul 2, 2025 By SecuritySenses In SecuritySenses
The doctor used to write notes on paper when someone came to the clinic. These remarks told what the problem was, what medicine was given, and whether the patient had improved. But now, most doctors use computers to do this. The notes are saved in a special program called Electronic Health Records, or EHR. EHR is like a digital notebook. It keeps all health details in one place. The way it looks and works is called EHR Design. If the design is good, it makes life easy for everyone in the hospital.
Read Post
CrowdStrike

Prescription for Protection: Healthcare Industry Observations from CrowdStrike Investigations

Jul 1, 2025 By Yinan Yang - Tim Parisi In CrowdStrike
The healthcare sector continues to be a prime target for cyber adversaries, with threat actors constantly evolving their tactics to exploit vulnerabilities. Over the past year, CrowdStrike Services responded to a growing number of financially motivated attacks aimed at encrypting data and extorting victims across the healthcare ecosystem.
Read Post
Feroot

How Third-Party Pixels Jeopardize HIPAA Compliance on Healthcare Websites

Jun 30, 2025 By Feroot In Feroot
Third-party pixels are snippets of JavaScript embedded on healthcare websites to track user behavior — but they can unintentionally transmit PHI (Protected Health Information) to unauthorized recipients like Meta, Google, and others. Common pixel-triggered compliance issues include: Recent lawsuits and regulatory crackdowns (including FTC enforcement and OCR guidance) have made it clear: tracking technologies on healthcare websites can constitute a HIPAA breach.
Read Post
CalCom

HIPAA, HITRUST, CSF, And Server Hardening Part 1

Jun 29, 2025 By Jonny Gold In CalCom
Suppose you are an experienced IT professional or consultant working in the private sector. You get a new job working in the US Healthcare industry. On starting your new job, you learn about the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the consequences of failure to comply with it. As an IT professional, you understand that a crucial component of mitigating cyber threats is to implement server hardening, but how does this relate to HIPAA?
Read Post
Wondering "Why Am I So Itchy?" - The Reasons & Solutions

Wondering "Why Am I So Itchy?" - The Reasons & Solutions

Jun 29, 2025 By SecuritySenses In SecuritySenses
You're sitting at your desk, minding your business, and suddenly...scratch. Then scratch again. And again. Before long, you're playing a one-person game of Whack-a-Mole across your legs, arms, neck, scalp, and who even knows where else. It gets worse until you reach the point where you ask the big, uncomfortable question: why am I so itchy?
Read Post
Feroot

What Every CISO Needs to Know About HIPAA and Online Tracking Technologies in 2025

Jun 27, 2025 By Feroot In Feroot
In 2025, HIPAA enforcement has expanded beyond internal systems and EHRs to include what happens in users’ browsers. That means even seemingly harmless scripts — like ad pixels or analytics tags — can expose protected health information (PHI).
Read Post
trustcloud

HIPAA compliance in multi-cloud environments: Challenges and solutions

Jun 24, 2025 By Richa Tiwari In TrustCloud
For healthcare leaders navigating the digital transformation, the promise of multi-cloud environments is hard to ignore – more speed, more scale, more resilience. But in the shadows of innovation lies a regulatory tightrope. HIPAA wasn’t written with Kubernetes clusters or hybrid cloud policies in mind, yet today’s CIOs and CISOs must reconcile 1996-era law with 2025-era infrastructure.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.