HITEQ Center, June 2025
This article uses the 2020 incident at the Family Health Center of Worcester (FHCW) to explore innovative strategies to bolster health centers' cybersecurity, including leveraging group purchasing organizations (GPOs) for discounted solutions and implementing bug bounty programs to proactively strengthen systems. Ultimately, it investigates how these approaches can protect vital community health resources from the escalating tide of cyber threats.
A Case Study of the Family Health Center of Worcester’s Ransomware Incident, February 2024
The use of ransomware — malicious software that restricts access to computer systems with financial demands — has escalated, targeting health centers and putting countless lives at risk. This dire reality came to the forefront during the alarming ransomware attack on the Family Health Center of Worcester, Inc. (FHCW), where the personal health information and care continuity for thousands of patients were compromised. This resource uses FHCW's experience as a case study to demonstrate the...
Protecting yourself when using patient portals, health apps, and online medical devices, June 2023
This training guide provides patients with knowledge and awareness about cybersecurity threats to protect their personal health data and to minimize risks from computer viruses and malware.
Guidance from the Office for Civil Rights
From the OCR: The Privacy Rule protects individually identifiable health information from unauthorized or impermissible uses and disclosures. The Rule is carefully designed to protect the privacy of health information, while allowing important health care communications to occur. These pages address the release of protected health information for planning or response activities in emergency situations. In addition, please view the Civil Rights Emergency Preparedness page...
Guidance from the Office for Civil Rights
From the OCR: Severe disasters – such as Hurricanes Harvey, Irma, and Maria – impose additional challenges on health care providers. Often questions arise about the ability of entities covered by the HIPAA regulations to share information, including with friends and family, public health officials, and emergency personnel. As summarized in more detail below, the HIPAA Privacy Rule allows patient information to be shared to assist in disaster relief efforts, and to assist patients...