- 5 tips for fighting cybercrime (healthcareitnews.com)
If you want to know how well a health system is protecting against cybercrime, you would have better luck talking to the criminals…IT executives…in the healthcare industry – aren't doing a good job keeping the enterprise up to date on cyber threats, and that those looking to steal and make a profit from health information are much more informed… five tips for fighting cybercrime:
- Network segmentation: Make sure only those who need to see sensitive information have access privileges
- Dedicated incident response team: Set up a chain of command in the event of a breach, with roles clearly defined. In short, expect a breach, and plan accordingly
- Teach with breaches: Show staff what happens when a breach occurs, reviewing how other breaches have occurred and how they could have been avoided, so they're dealing with concrete examples rather than invented scenarios
- Drill your breach response: Practice often, so staff instinctively know what to do if/when something happens
- Include partners: With reports indicating as many as one-third of all healthcare data breaches are caused by vendors, it's wise to invite them and all others to the party
- Infographic: top 10 biggest HIPAA breaches (healthcareitnews.com)
To date, nearly 143.8 million people have had their protected health information compromised in a HIPAA breach. Here's a list of the 10 biggest in the U.S.
- Federal appeals court affirms FTC’s power to regulate cybersecurity (modernhealthcare.com)
..federal appeals court…affirmed the Federal Trade Commission's power to regulate cybersecurity—a decision that follows a number of massive healthcare data breaches over the past year… FTC alleges that Wyndham engaged in unfair cybersecurity practices that exposed consumers' personal data to unauthorized access and theft…FTC doesn't now get involved in many healthcare breach cases,..But it could.
- Prominent healthcare CIO: FDA medical device security warning “will be the first of many” (networkworld.com)
Dr. John Halamka … sound the alarm on medical device threats in the wake of the FDA late last week issuing its first cybersecurity warning about a specific medical device…urged healthcare facilities to stop using Hospira's Symbiq Infusion System, a common device for dispensing fluids/drugs to patients…the devices could be accessed via a hospital network and rejiggered to mess up a patient's dosage….this will be the first of many advisories...involving medical device vulnerabilities.
- Medjacking: The newest healthcare risk? (healthcareitnews.com)Report: Healthcare more susceptible to privacy attacks than other industries (fiercehealthit.com)
If you're looking for trends in cyber-crime, it's best to follow the money…Healthcare information is being exposed in more places every day, creating new risks for patients, providers, payers, and other organizations…medical devices…are already being hacked, a trend that is alarming hospitals and other healthcare organizations…these devices are being hacked to unlock portals into larger medical systems and steal protected health information… economics of cyber-crime,..stolen medical identities can bring in many times the price of a stolen credit card number.
- HIPAA breach for hospital after worker swiped patient data (healthcareitnews.com)
A 12-hospital health system is notifying hundreds of its current and former patients that their protected health information has been compromised after discovering an employee was involved in identity theft…Merit Health system based in Jackson, Miss., only learned of the breach after local law enforcement notified them that one of their employees…was under investigation for identity theft,..The employee was allegedly swiping patient files for more than a year undetected,..swiped records containing patient names, Social Security numbers, medical diagnoses data, health plan data and also payment information.
- State Accidentally Mails Out Private Health Information To The Wrong Patients (denver.cbslocal.com)
Protected health information from the (Colorado) Department of Health Care Policy and Financing was unintentionally mailed to the wrong people,… the letters were mailed between May 25 and July 5. A resident who received a letter not intended for that resident notified county workers about the error...
- Sutter Health says data on 2,500 patients involved in potential breach (healthcareitnews.com)
Former employee emailed the records of 2,582 patients to a personal account without authorization… included name, date of birth, insurance identification number, date of service and billing code. In two cases a driver's licenses number was accessed and in one case the patient's Social Security number was included…no financial information was leaked… the event occurred in April 2013, and was recently discovered through a review of the former employee's email and computer use…As for 2015, this is third breach for Sutter.
- Cyberattacks on health systems on the rise (drugstorenews.com)81% Of Healthcare Organizations Have Been Compromised By Cyber-Attacks In Past 2 Years: KPMG Survey (kpmg.com)
As many as eight-in-10 health care executives say that their organizations have been compromised by at least one malware, botnet or other cyber-attack during the past two years, and only half feel that they are adequately prepared in preventing attacks…
- Health system cleared in data breach lawsuit (healthcareitnews.com)
An appellate court has cleared Advocate Medical Group of wrongdoing in a class action lawsuit alleging the organization failed to protect patient data following a massive HIPAA data breach… The fact that two plaintiffs to date (out of those four million) have received notification of fraudulent activity, i.e., have suffered actual injury arising…does not show that plaintiffs here face imminent,..impending, or a substantial risk of harm..