The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry.

In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week:

• Bombshell report of hospitals sharing PHI with Facebook
• HIPAA compliance analysis for covered entities sending PHI to Facebook
• Legal exposures for sending sensitive information to social media and other website tracking vendors
• Recommendations for healthcare organizations to assess and respond to patient concerns about unauthorized PHI disclosures to Facebook
• HHS issues new guidance for healthcare organizations to improve their cyber posture
• New HIPAA Security Risk Analysis (SRA) tool from OCR
• New OCR guidance and industry feedback related to “recognized security practices” for healthcare organizations (i.e. safe harbors for OCR enforcement)
• HHS issues warning to healthcare entities about dangerous Emotet malware proliferation
• CISA is developing new guidance for helping organizations overcome supply chain risks
• FBI prevents “despicable” Iranian cyber attack on Boston Children’s Hospital
• DOJ shuts down SSNDOB dark web marketplace
• Massive arrests and seizures of social engineering attack infrastructure across 76 countries
• OCR issues guidance on the upcoming expiration of COVID-19 enforcement exemptions for telehealth HIPAA security mandates