< ciso
brief />
Tag Banner

All news with #hipaa tag

21 articles

Xsolis data breach compromises 1.4M patient records

🔒 Xsolis, a U.S. healthcare technology provider, detected a targeted phishing attack that led to unauthorized access to parts of its network in January 2026. The company says files containing sensitive customer information—such as names, addresses, dates of birth, insurance details, Social Security numbers, and medical treatment data—were accessed, affecting 1,396,519 individuals. Xsolis contained the breach, engaged external cybersecurity experts, reset user passwords, enhanced monitoring, accelerated employee security training, and is notifying impacted individuals with offered identity monitoring services.
read more →

HealthOmics adds ephemeral scratch storage for workflows

🧬 AWS HealthOmics now provides ephemeral local scratch volumes for individual workflow tasks, mounted at /tmp, to improve performance for bioinformatics workloads such as sequence alignment, BAM sorting, and variant calling. Each task gets 16 GiB by default at no extra charge, with configurable sizes up to 3,072 GiB via WDL, Nextflow, or CWL directives and enabled at runtime using the StartRun API. Volumes are encrypted and deleted on task termination, and the feature is available in all Regions where HealthOmics operates. HealthOmics is HIPAA-eligible and designed to accelerate managed bioinformatics workflows for healthcare and life sciences customers.
read more →

AWS HealthOmics adds real-time engine log streaming

📡 AWS HealthOmics now streams workflow engine logs to Amazon CloudWatch in real time, enabling customers to monitor workflow execution progress as it happens. This HIPAA-eligible service helps healthcare and life sciences teams accelerate bioinformatics workflows with immediate access to orchestration events, task scheduling details, import/export activity, and full stack traces on errors. Streamed logs support CloudWatch alarms, dashboards, and integration with observability tooling for faster debugging and iterative development.
read more →

AWS HealthLake Adds CMS-0057-F FHIR API Support

🩺 AWS HealthLake now natively supports payer compliance with the CMS Interoperability and Prior Authorization Final Rule (CMS-0057-F), requiring four standardized FHIR-based APIs by January 1, 2027. The release implements Patient Access, Provider Access, Payer-to-Payer, and Prior Authorization APIs using CARIN, DaVinci, and SMART standards, and adds metrics and consent integrations. It is HIPAA-eligible and available in multiple AWS Regions.
read more →

Cloud Infrastructure as the Foundation for Digital Health

🏥 The post argues that modern cloud infrastructure is the superior foundation for regulated Software as a Medical Device (SaMD), enabling faster innovation while meeting regulatory obligations. It outlines regulatory shifts in early 2026, including the FDA's QMSR alignment with ISO 13485 and the EU AI Act's applicability for high-risk systems. The author advocates Compliance as Code and describes three architectural planes—data, control, and evidence—on Google Cloud to deliver continuous audit readiness. It also highlights AI-driven monitoring and a shared fate model between cloud providers and manufacturers.
read more →

7 Biggest Healthcare Security Threats and Emerging Risks

🔒 Cyberattacks on healthcare have surged since COVID-19, driven by telehealth adoption, cloud migration, and interconnected medical devices. Experts identify seven primary threats — ransomware, cloud misconfigurations, web application exploits, bad bots, phishing, insecure smart devices, and generative AI misuse — that target EHRs, PHI, and clinical availability. Under-resourced teams and extensive third-party dependencies amplify the operational and patient-safety impacts.
read more →

AWS Launches VPC Encryption Controls in GovCloud US

🔒 AWS VPC Encryption Controls is now available in AWS GovCloud (US-East) and GovCloud (US-West). The feature lets security teams enable monitoring and enforcement of encryption in transit across existing VPCs, automatically identifying flows that permit plaintext. It transparently activates hardware-based AES-256 encryption across VPC resources (including Fargate, NLB, and ALB) and produces audit logs to help demonstrate compliance with standards such as HIPAA, PCI DSS, FedRAMP, and FIPS 140-2.
read more →

AWS HealthOmics Adds VPC-Connected Bioinformatics Workflows

🧬 AWS HealthOmics now supports VPC-connected workflows, allowing bioinformatics pipelines to access AWS resources across regions and public internet resources through a customer VPC. New Configuration APIs let teams specify VPCs and manage public internet dependencies at a per-run level without changing workflow code. This capability is HIPAA-eligible and available in all HealthOmics regions.
read more →

AWS HealthOmics Launches Batch Run for Genomics Workflows

🧬 AWS announced that HealthOmics now supports batch run submission, enabling customers to submit up to 100,000 runs of a workflow in a single request. All runs in a batch share a common configuration with optional per-run overrides for specific sample inputs or parameter values. The batch APIs provide full lifecycle management—including a batch ID for tracking, bulk cancel/delete, and progress monitoring—to simplify orchestration and troubleshooting. The feature is available across all HealthOmics regions and the service is HIPAA-eligible.
read more →

TriZetto Provider Solutions Breach Exposes 3.4M Patients

🔒 TriZetto Provider Solutions (TPS) has reported a breach that impacted more than 3.4 million individuals after suspicious activity was detected in a customer-facing web portal on 2 October 2025. TPS confirmed that no payment card or bank account data were taken, but said names, addresses, dates of birth, Social Security numbers and health insurance identifiers may have been accessed. The company, owned by Cognizant, says it is working with law enforcement, has implemented additional security measures and is offering credit monitoring to those affected.
read more →

AWS Backup adds PrivateLink support for SAP HANA on EC2

🔒 AWS Backup now supports AWS PrivateLink for SAP HANA systems running on Amazon EC2. This lets customers route backup traffic over private VPC endpoints instead of the public internet, helping meet security and compliance requirements for regulated workloads. Organizations subject to HIPAA, PCI DSS and privacy frameworks can maintain end-to-end private connectivity for both application and backup data. The feature is available in all AWS Regions that support SAP HANA on EC2; to enable it, update the Backint agent and add the backup-storage VPCE to your VPC.
read more →

CISOs: Move Beyond Compliance to Anticipate Risk in 2026

🔒 CISOs entering 2026 should treat compliance as a baseline, not a destination. While frameworks like HIPAA, SOC 2 and ISO 27001 provide essential controls, relying solely on checklists breeds complacency and misses evolving threats such as AI-enabled attacks, third-party failures and future quantum risks. Adopt longer time horizons, scenario-based risk assessments and financial impact modelling to align security with business priorities and secure board support.
read more →

AI Agents Are Rewriting Compliance Controls—CISOs Must Act

🛡️ AI agents are being embedded into regulated workflows and are forcing a rethink of controls designed for human actors, including SOX, GDPR, PCI DSS, and HIPAA. Because agents act, adapt, and drift, controls that once relied on predictable human behavior can silently fail, collapsing segregation of duties and exposing sensitive data. CISOs should treat agents as non-human identities with least‑privilege access, strong credential management, continuous monitoring, and robust logging and change governance to keep regulated workflows auditable and defensible.
read more →

Anthropic Brings Claude to Healthcare With HIPAA Tools

🔒 Anthropic is expanding Claude into healthcare with HIPAA-ready enterprise tools and new healthcare-specific connectors. It can access the CMS Coverage Database to check Medicare coverage rules, support prior authorization, and look up ICD-10 codes. Anthropic says deployments can help revenue cycle, credentialing, and reduce claim errors.
read more →

Anthropic Launches Claude for Healthcare with Record Access

🩺 Anthropic has introduced Claude for Healthcare, allowing U.S. subscribers on Claude Pro and Max plans to grant secure access to lab results and health records via integrations with HealthEx and Function, with Apple Health and Android Health Connect rolling out to mobile apps later this week. When connected, Claude can summarize medical history, explain test results in plain language, detect patterns across fitness metrics, and draft questions for appointments. Anthropic says the integrations are private by design, let users choose what to share, and do not use health data to train its models; permissions can be edited or revoked at any time.
read more →

AWS Landing Zone Accelerator: Universal Configuration

🔒 AWS has released the Landing Zone Accelerator on AWS sample security baseline called the Universal Configuration, designed to deploy a secure, multi-account environment rapidly. It encodes AWS Well‑Architected security best practices and automates hundreds of controls to accelerate compliance for regulated workloads. The release is paired with the LZA Compliance Workbook on AWS Artifact, which maps technical controls to frameworks such as NIST, ISO, HIPAA, and CMMC.
read more →

Amazon ECR Adds PrivateLink Support for FIPS Endpoints

🔒 Amazon Web Services announced that Amazon ECR now supports PrivateLink endpoints validated under FIPS 140-3. This allows customers with security and compliance requirements to use FIPS-validated cryptographic modules while keeping traffic private within their Amazon VPCs. The enhancement helps organizations meet regulatory obligations without exposing container registry traffic to the public internet. Availability includes several commercial and AWS GovCloud regions.
read more →

AWS Parallel Computing Service Achieves HIPAA Eligibility

🔒 AWS Parallel Computing Service (AWS PCS) is now HIPAA eligible, enabling organizations with a Business Associate Addendum (BAA) to run protected health data workloads. AWS PCS is a managed High Performance Computing service that uses the Slurm workload manager for cluster orchestration and targets compute-intensive tasks such as genomic sequencing, medical imaging analysis, and clinical research simulations. AWS says it maintains a standards-based risk management program to support HIPAA administrative, technical, and physical safeguards, and that eligibility applies in all AWS Regions where PCS is offered.
read more →

AWS HealthOmics private workflows now in Seoul Region

🧬 AWS HealthOmics private workflows are now available in the Asia Pacific (Seoul) Region, providing fully managed bioinformatics pipelines for healthcare and life sciences customers in Korea. The HIPAA-eligible service supports domain-specific languages such as Nextflow, WDL, and CWL and offers features like call caching, dynamic run storage, Git integrations, and ECR pull-through cache. These capabilities simplify pipeline migration, accelerate genomics development, and help maintain data provenance and compliance.
read more →

AWS Incident Response Achieves HITRUST CSF Certification

🔒 AWS Security Incident Response is now HITRUST CSF certified, demonstrating alignment with rigorous security and privacy controls used by healthcare, life sciences, and other regulated sectors. The certification confirms that organizations can leverage AWS Security Incident Response to automate alert monitoring, streamline incident coordination, and access 24/7 security experts. Customers can inherit AWS HITRUST scores to reduce audit burden and integrate via console, CLI, or APIs.
read more →