<ciso brief />

All news with #hipaa tag

17 articles

Cloud Infrastructure as the Foundation for Digital Health

🏥 The post argues that modern cloud infrastructure is the superior foundation for regulated Software as a Medical Device (SaMD), enabling faster innovation while meeting regulatory obligations. It outlines regulatory shifts in early 2026, including the FDA's QMSR alignment with ISO 13485 and the EU AI Act's applicability for high-risk systems. The author advocates Compliance as Code and describes three architectural planes—data, control, and evidence—on Google Cloud to deliver continuous audit readiness. It also highlights AI-driven monitoring and a shared fate model between cloud providers and manufacturers.

7 Biggest Healthcare Security Threats and Emerging Risks

🔒 Cyberattacks on healthcare have surged since COVID-19, driven by telehealth adoption, cloud migration, and interconnected medical devices. Experts identify seven primary threats — ransomware, cloud misconfigurations, web application exploits, bad bots, phishing, insecure smart devices, and generative AI misuse — that target EHRs, PHI, and clinical availability. Under-resourced teams and extensive third-party dependencies amplify the operational and patient-safety impacts.

AWS Launches VPC Encryption Controls in GovCloud US

🔒 AWS VPC Encryption Controls is now available in AWS GovCloud (US-East) and GovCloud (US-West). The feature lets security teams enable monitoring and enforcement of encryption in transit across existing VPCs, automatically identifying flows that permit plaintext. It transparently activates hardware-based AES-256 encryption across VPC resources (including Fargate, NLB, and ALB) and produces audit logs to help demonstrate compliance with standards such as HIPAA, PCI DSS, FedRAMP, and FIPS 140-2.

AWS HealthOmics Adds VPC-Connected Bioinformatics Workflows

🧬 AWS HealthOmics now supports VPC-connected workflows, allowing bioinformatics pipelines to access AWS resources across regions and public internet resources through a customer VPC. New Configuration APIs let teams specify VPCs and manage public internet dependencies at a per-run level without changing workflow code. This capability is HIPAA-eligible and available in all HealthOmics regions.

AWS HealthOmics Launches Batch Run for Genomics Workflows

🧬 AWS announced that HealthOmics now supports batch run submission, enabling customers to submit up to 100,000 runs of a workflow in a single request. All runs in a batch share a common configuration with optional per-run overrides for specific sample inputs or parameter values. The batch APIs provide full lifecycle management—including a batch ID for tracking, bulk cancel/delete, and progress monitoring—to simplify orchestration and troubleshooting. The feature is available across all HealthOmics regions and the service is HIPAA-eligible.

TriZetto Provider Solutions Breach Exposes 3.4M Patients

🔒 TriZetto Provider Solutions (TPS) has reported a breach that impacted more than 3.4 million individuals after suspicious activity was detected in a customer-facing web portal on 2 October 2025. TPS confirmed that no payment card or bank account data were taken, but said names, addresses, dates of birth, Social Security numbers and health insurance identifiers may have been accessed. The company, owned by Cognizant, says it is working with law enforcement, has implemented additional security measures and is offering credit monitoring to those affected.

AWS Backup adds PrivateLink support for SAP HANA on EC2

🔒 AWS Backup now supports AWS PrivateLink for SAP HANA systems running on Amazon EC2. This lets customers route backup traffic over private VPC endpoints instead of the public internet, helping meet security and compliance requirements for regulated workloads. Organizations subject to HIPAA, PCI DSS and privacy frameworks can maintain end-to-end private connectivity for both application and backup data. The feature is available in all AWS Regions that support SAP HANA on EC2; to enable it, update the Backint agent and add the backup-storage VPCE to your VPC.

CISOs: Move Beyond Compliance to Anticipate Risk in 2026

🔒 CISOs entering 2026 should treat compliance as a baseline, not a destination. While frameworks like HIPAA, SOC 2 and ISO 27001 provide essential controls, relying solely on checklists breeds complacency and misses evolving threats such as AI-enabled attacks, third-party failures and future quantum risks. Adopt longer time horizons, scenario-based risk assessments and financial impact modelling to align security with business priorities and secure board support.

AI Agents Are Rewriting Compliance Controls—CISOs Must Act

🛡️ AI agents are being embedded into regulated workflows and are forcing a rethink of controls designed for human actors, including SOX, GDPR, PCI DSS, and HIPAA. Because agents act, adapt, and drift, controls that once relied on predictable human behavior can silently fail, collapsing segregation of duties and exposing sensitive data. CISOs should treat agents as non-human identities with least‑privilege access, strong credential management, continuous monitoring, and robust logging and change governance to keep regulated workflows auditable and defensible.

Anthropic Brings Claude to Healthcare With HIPAA Tools

🔒 Anthropic is expanding Claude into healthcare with HIPAA-ready enterprise tools and new healthcare-specific connectors. Claude can access the CMS Coverage Database to check Medicare coverage rules, support prior authorization, and look up ICD-10 codes. Anthropic says deployments can help with revenue cycle and credentialing work and reduce claim errors.

Anthropic Launches Claude for Healthcare with Record Access

🩺 Anthropic has introduced Claude for Healthcare, allowing U.S. subscribers on Claude Pro and Max plans to grant secure access to lab results and health records via integrations with HealthEx and Function, with Apple Health and Android Health Connect rolling out to mobile apps later this week. When connected, Claude can summarize medical history, explain test results in plain language, detect patterns across fitness metrics, and draft questions for appointments. Anthropic says the integrations are private by design, let users choose what to share, and do not use health data to train its models; permissions can be edited or revoked at any time.

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.

Amazon ECR Adds PrivateLink Support for FIPS Endpoints

🔒 Amazon Web Services announced that Amazon ECR now supports PrivateLink endpoints validated under FIPS 140-3. This allows customers with security and compliance requirements to use FIPS-validated cryptographic modules while keeping traffic private within their Amazon VPCs. The enhancement helps organizations meet regulatory obligations without exposing container registry traffic to the public internet. Availability includes several commercial and AWS GovCloud regions.

AWS Parallel Computing Service Achieves HIPAA Eligibility

🔒 AWS Parallel Computing Service (AWS PCS) is now HIPAA eligible, enabling organizations with a Business Associate Addendum (BAA) to run protected health data workloads. AWS PCS is a managed High Performance Computing service that uses the Slurm workload manager for cluster orchestration and targets compute-intensive tasks such as genomic sequencing, medical imaging analysis, and clinical research simulations. AWS says it maintains a standards-based risk management program to support HIPAA administrative, technical, and physical safeguards, and that eligibility applies in all AWS Regions where PCS is offered.

AWS HealthOmics private workflows now in Seoul Region

🧬 AWS HealthOmics private workflows are now available in the Asia Pacific (Seoul) Region, providing fully managed bioinformatics pipelines for healthcare and life sciences customers in Korea. The HIPAA-eligible service supports domain-specific languages such as Nextflow, WDL, and CWL and offers features like call caching, dynamic run storage, Git integrations, and ECR pull-through cache. These capabilities simplify pipeline migration, accelerate genomics development, and help maintain data provenance and compliance.

AWS Incident Response Achieves HITRUST CSF Certification

🔒 AWS Security Incident Response is now HITRUST CSF certified, demonstrating alignment with rigorous security and privacy controls used by healthcare, life sciences, and other regulated sectors. The certification confirms that organizations can leverage AWS Security Incident Response to automate alert monitoring, streamline incident coordination, and access 24/7 security experts. Customers can inherit AWS HITRUST scores to reduce audit burden and integrate via console, CLI, or APIs.

AWS Achieves HITRUST Certification for 177 Services

🔒 Amazon Web Services announced that 177 AWS services achieved HITRUST certification for the 2025 assessment cycle, with five services certified for the first time: Amazon Verified Permissions, AWS B2B Data Interchange, AWS Payment Cryptography, AWS Resource Explorer, and AWS Security Incident Response. A third‑party assessor audited the services under the HITRUST CSF v11.5.1 framework. Customers can inherit the certification for validated assessments when they use in‑scope services and follow the AWS Shared Responsibility Model, and evidence is available through AWS Artifact.