Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Feroot

Third-Party BAA Checklist: HIPAA Requirements for Website Technology Vendors

Mar 10, 2026 By Feroot In Feroot
For most of HIPAA’s history, PHI moved through known systems, between known parties, for known reasons. You provisioned access and audited behavior. The data flows remained observable, and so did the vendor relationships built around them. EHR vendors, billing platforms, and transcription services, you knew what each one touched because you handed it to them. Then the website became part of the care journey. With it came appointment schedulers, symptom checkers, patient portals, and intake forms.
Read Post
CrowdStrike

Falcon for XIoT Extends Asset Protection to Healthcare Environments

Mar 9, 2026 By Adina Schoeneman In CrowdStrike
CrowdStrike Falcon for XIoT is extending its industry-leading protections to medical devices in healthcare environments. This will provide comprehensive security for patient care at a time when healthcare organizations are a key target for threat actors. As of January 2026, the HHS listed over 750 reported breaches within healthcare environments that were under investigation.
Read Post
keeper

How Keeper Helps Reduce Insider Threats in Healthcare

Mar 6, 2026 By Ashley D'Andrea In Keeper
Insider threats in healthcare often originate from trusted employees, third-party vendors or contractors who have standing access to critical systems. When privileged access is not closely monitored, healthcare organizations face significant consequences, including compromised patient safety, exposure of Protected Health Information (PHI), disruption to clinical operations and Health Insurance Portability and Accountability Act (HIPAA) compliance violations.
Read Post
Feroot

OCR HIPAA Enforcement: Website Tracking Investigation Patterns

Mar 5, 2026 By Feroot In Feroot
Three million patients. That’s how many had their most sensitive health information silently siphoned from hospital systems and handed to a party that had no authorization to receive it. The year was 2022. And what would become one of the largest unauthorized disclosures of protected health information ever documented didn’t arrive through a ransomware attack, a stolen credential, or a nation-state intrusion. It came from a piece of marketing software doing exactly what it was designed to do.
Read Post
Feroot

HIPAA + GDPR for Global Healthcare: Overlapping Requirements and Conflicts

Mar 5, 2026 By Feroot In Feroot
If your organization serves patients in both the United States and the European Union, two regulators, HIPAA and GDPR, are already watching your website. Specifically, what happens in the seconds between a visitor landing on your page and your analytics stack doing its job. In March 2024, OCR mentioned that even unauthenticated website interactions, like a user browsing your oncology content or typing into a symptom checker, can constitute PHI if the visit is for health-related purposes.
Read Post
acronis

How to meet critical compliance regulations in pharmaceutical manufacturing

Mar 4, 2026 By Lee Pender In Acronis
Pharmaceutical regulation relies on three core pillars: Maximum system availability, trustworthy data and rapid recoverability. With the right strategy, manufacturers can uphold them all. Operational technology (OT) systems such as SCADA, manufacturing execution systems, cleanroom controls, environmental monitors and laboratory automation are essential for maintaining validated, compliant and uninterrupted production. When those systems fail, downtime can result in enormous financial costs.
Read Post
Feroot

Health Insurance Portals: Client-Side PHI Exposure Under HIPAA and State Laws

Mar 2, 2026 By Feroot In Feroot
For marketing, a JavaScript tag is a growth lever. Something that’ll allow your business to target the right people, run personalized campaigns, and onboard more customers with less spend. For your security team, though, it’s a different story. The third-party scripts and tags on your pages can be a shadow PHI disclosure pipeline that quietly avoids detection, sidesteps your server-side controls, and transmits sensitive member data to third parties without triggering a single alert.
Read Post

Cyberattacks on Hospitals Are Attacks on Communities: Why Ransomware Is a Patient Safety Crisis

Feb 26, 2026 By Rubrik In Rubrik
In this episode of Building Cyber Resilience: A Healthcare Leader’s Guide, host Josh Howell speaks with John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association. Drawing on nearly 30 years at the FBI and his current work advising more than 5,000 hospitals, Riggi explains why ransomware attacks on healthcare should be treated as threat-to-life events. He breaks down the real-world consequences of cyberattacks, from ambulance diversion to delayed cancer care, and outlines what leaders must do now to prepare for outages that last weeks, not hours.
View Video
Feroot

GA4 Is Collecting PHI from Your Website and a BAA Won't Fix Your HIPAA Problem

Feb 17, 2026 By Feroot In Feroot
Conversations about GA4 in healthcare tend to stay strangely shallow, circling the same procurement question: “Is there a BAA?” It’s as if GA4 creates risk at the contract layer, when the truth is that the risk is born earlier and lower, in the collection layer, where ordinary telemetry becomes sensitive the moment it is attached to health context and allowed to leave your site.
Read Post
vista infosec

HIPAA Compliance for Dental Offices

Feb 17, 2026 By Narendra Sahoo In VISTA InfoSec
When we talk about HIPAA compliance for dental offices, we’re not talking about theory or paperwork. We’re talking about patient privacy, regulatory exposure, and whether a practice can keep operating when something goes wrong. HIPAA is no longer a “back-office” concern—it’s a core part of running a modern dental practice.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.