Articles and Blogs

The cybersecurity incident recently experienced by Change Healthcare has materially disrupted the health care delivery system and created significant financial, operational and legal challenges for many health care organizations. Organizations impacted by this incident should be careful to react thoughtfully and deliberately when addressing these challenges to ensure that any steps taken do not... READ MORE

On October 10, 2023, Citrix released security updates for its NetScaler ADC and NetScaler Gateway appliances to remedy a vulnerability dubbed “Citrix Bleed” under CVE-2023-4966. As of October 17, Citrix and the Cybersecurity and Infrastructure Security Agency confirmed that active exploits by threat actors had been observed on unpatched systems. Additionally, cybersecurity firm Mandiant... READ MORE

On October 9, 2019, both the Health and Human Services Office of Inspector General (“OIG”) and Centers for Medicare & Medicaid Services (“CMS”) issued proposed rules pertaining to the Anti-Kickback Statute safe harbor and Civil Monetary Penalties Law exception for EHR Donations (“EHR Donation Rules”), as well as a new safe harbor and exception... READ MORE

Welcome to Practical Matters! This series aims to provide an overview of trending topics in a variety of service areas. Our goal is to present current topics to spark discussion within your organization that could lead to a new approach and result in a positive impact. As we begin 2019, many health care organizations... READ MORE

On October 15, 2018, the National Protection and Programs Directorate (“NPPD”) of the U.S. Department of Homeland Security (“DHS”) and the U.S. Food and Drug Administration (“FDA”) entered into a Memorandum of Agreement (“MOA”) that formalizes a long-standing relationship between the agencies and implements a new framework for increased collaboration, information-sharing and coordination that... READ MORE

On May 12, 2017, a massive cyber attack affecting health care organizations across the world prompted the United States Department of Health and Human Services (“HHS”) to issue a warning to U.S. health care organizations. The attack apparently first began in England, causing information systems at health care organizations throughout the country to become infected... READ MORE

On December 27, 2016, the Food and Drug Administration (“FDA”) issued final guidance (the “Post-Market Guidance”) outlining steps that medical device manufacturers and health care systems should take to monitor, identify, understand and address cybersecurity risks once medical devices and mobile medical devices have entered the marketplace. The Post-Market Guidance follows October 2014 FDA... READ MORE