Skip to main content

Privacy & Security

Mobile Health IT
By Bill Siwicki | 05:22 pm | January 12, 2018
Doctors on the front lines of the opioid crisis find text messaging helpful in managing treatment with patients.
Privacy & Security
By Jessica Davis | 03:39 pm | January 12, 2018
The state would have one of the toughest breach notification laws in the country if the legislation is passed.
Privacy & Security
By Jessica Davis | 12:50 pm | January 12, 2018
A laptop of a Coplin Health Systems employee was stolen from a car and serves as a reminder to encrypt all data.
Compliance
By Jessica Davis | 10:24 am | January 11, 2018
The medical records vendor claimed regulatory changes to HIPAA in 2013 and 2016 threaten to “upend the medical records industry.”
Data Warehousing
By Bill Siwicki | 03:47 pm | January 08, 2018
A new report from Aon's security experts predicts more and different cyberattacks, and highlights the pressing need for healthcare organizations to change some of their approaches.
Privacy & Security
By Jessica Davis | 01:41 pm | January 08, 2018
Julia Hesse gets real about the inevitability of a breach and some simple steps for organizations to better prepare.
Privacy & Security
By Jessica Davis | 01:15 pm | January 08, 2018
An employee of Florida’s healthcare agency fell for a phishing email, which allowed hackers to access Medicaid enrollee data.
Privacy & Security
By Bill Siwicki | 03:30 pm | January 05, 2018
This past year was another challenging one for healthcare organizations as they remained under sustained attack by cybercriminals who continue to target healthcare networks through the use of well-known vulnerabilities.  A new study predicts that 2018 won't be any easier, especially as attackers increasingly set their sights on smaller providers and the myriad connected Internet of Things devices across healthcare. In 2017, there were a total of 140 hacking-related data breaches reported to the Department of Health and Human Services' Office of Civil Rights – a 24 percent increase over the 113 such events reported in 2016, according to the "2017 Health Care Cyber Research Report," from cybersecurity vendor Cryptonite. The number of reported hacking events attributed to ransomware by healthcare organizations jumped by 89 percent from 2016 to 2017, the study shows. This was an increase from 19 reported events in 2016 to a total of 36 events in 2017. [Also: Hospitals, don't wait to address these little-known IoT security issues] In 2017, ransomware events represented 25 percent of all events reported to HHS/OCR and attributed to IT/hacking. All six of the largest hacking-related healthcare events reported in 2017 were attributed to ransomware, the study found. Somewhat encouragingly, this past year, just 3,442,748 records were reported to be compromised, a big decrease from 13,425,263 reported compromised in 2016. But in years past, cybercriminals devoted significant time and effort to targeting the largest healthcare organizations. For example, 2015 breach events included Anthem (78.8 million records) and Premera Blue Cross (11 million records), and 2016 events included Banner Health (3.6 million records) and Newkirk Products (3.4 million records). Now this low-hanging fruit has to some extent been harvested, and attackers are increasingly turning their attention to a broader mix of healthcare entities, the report said. "The emergence and refinement of advanced ransomware tools lowers both the cost and the time for cyberattackers to target smaller healthcare institutions – now they can cost effectively reach physician practices, surgical centers, diagnostic laboratories, MRI/CT scan centers, and many other smaller yet critical healthcare institutions," according to Cryptonite. "This is the beginning of a trend that will increase very substantially in 2018 and 2019." Internet of Things devices in healthcare also represent new and expanding opportunities for cyberattackers. IoT devices now are now nearly ubiquitous in healthcare – already widely deployed  in intensive care facilities, operating rooms and patient care networks, said Michael Simon, president and CEO of Cryptonite. "Cyberattackers target healthcare networks for two primary reasons – to steal the medical records they contain or to extort ransom payments," said Simon. "Medical records are the targets of choice, as this data is highly prized to support identity theft and financial fraud. While 2017 was the year of ransomware, we are anticipating this already hard-hit sector will feel the wrath of cybercriminals targeting the hundreds of thousands of IoT devices already deployed in healthcare." .jumbotron{ background-image: url("http://www.healthcareitnews.com/sites/default/files/u1576/securityforjumbotron.jpg"); background-size: cover; color: white; } .jumbotron h2{ color: white; } Future-proofing security Why cybersecurity is top of mind for forward-looking healthcare orgs. Twitter: @SiwickiHealthIT Email the writer: bill.siwicki@himssmedia.com
Privacy & Security
By Lee Kim | 12:18 pm | January 05, 2018
Affected systems include Windows, Linux, Android, Chrome, iOS and MacOS but the good news is there is a public exploit code to test your system for vulnerabilities.
Analytics
By Bill Siwicki | 02:26 pm | January 04, 2018
The group says privacy and security, clinical documentation improvement and information governance will demand the attention of health IT and infosec executives in the year ahead.