Skip to main content

Privacy & Security

Analytics
By Tom Sullivan | 01:28 pm | December 01, 2017
They’re all in this month’s HIMSS cybersecurity report along with Philips, Siemens and Smiths Medical.
Privacy & Security
By Jessica Davis | 04:08 pm | November 30, 2017
The new $27 million project will provide the NHS Security Operations Center with enhanced monitoring capabilities, ethical hacking, vulnerability testing and malware analysis.
SPONSORED Privacy & Security
By ClearDATA | ClearDATA | 01:16 pm | November 30, 2017
Patients are now choosing healthcare providers who focus on protecting their information.
SPONSORED Privacy & Security
By HPE | 10:35 am | November 30, 2017
But more than half of respondents underestimate the risks of improperly sanitized devices.
Revenue Cycle
By Wendy Almeida | 04:04 pm | November 29, 2017
The tech’s appeal lies in its digital ledger of transactions and healthcare is on the precipice of adoption to grow networks of secure data.
Privacy & Security
By Bill Siwicki | 02:06 pm | November 28, 2017
As email spoofing erodes trust in healthcare organizations, industry groups are urging DMARC adoption while the Department of Homeland Security has mandated it for federal agencies. 
Precision Medicine
By Jessica Davis | 01:20 pm | November 28, 2017
The genomic data management company will reimburse its customers up to $1 million for certain data loss associated with unauthorized account activity.
Privacy & Security
By Jessica Davis | 01:33 pm | November 27, 2017
Cottage Health breached the data of over 50,000 patients in 2013 and 2015 after leaving a server unencrypted and without a firewall, permissions or password protection.
Claims Processing
By Mike Miliard | 01:30 pm | November 22, 2017
Some would pay as much as $1,000 for genomic sequencing offered through employer health plans.
Privacy & Security
By Jessica Davis | 01:22 pm | November 22, 2017
Hacking incidents caused the majority of healthcare breaches in October, but insider errors impacted an even greater amount of patient records, according to the Protenus Breach Barometer. Protenus researchers pulled and analyzed data from the U.S. Department of Health and Human Services’ Office of Civil Rights, as well as research from the site DataBreaches.net. In all, 37 breaches were reported last month. This means 2017’s security trend remained true for October: At least one breach occurs in the healthcare sector each day. [Also: The biggest healthcare breaches of 2017 (so far)] Insider error continues to be a problem area for the industry. Of the three insider breaches for which Protenus had data, user error caused the breach of about 157,000 patient records last month. Insiders accounted for 29 percent of all October incidents. In fact, insider error drastically increased in October from other months, September breached just 24,958 records and August affected 26,831. One of those errors involved a flyer sent to HIV patients, asking them to participate in an HIV research project. The trouble was that the healthcare organization used envelopes with a clear front that revealed the HIV status. This was the second breach of this kind this year. Another insider incident involved another troubling trend this year: an improperly secured Amazon S3 bucket. That incident breached the records of about 150,000 patients.  “These incidents serve as a reminder for healthcare organizations to conduct routine training for employees on how to properly handle and distribute information to patients, without breaching their privacy,” the report authors wrote. “This is especially the case when working with vulnerable populations, as patients with diagnoses like HIV have a lot more at stake if their information is made public -- much more sensitive than their credit card information, such a breach be catastrophic to their entire way of life,” they added. Hacking is still the industry’s other leading culprit, accounting for about 35 percent of incidents and the breach of over 56,000 patient records. Two of the month’s 13 incidents specifically mentioned ransomware, while two were caused by phishing and three mentioned extortion attempts. Per the trend, notorious hacker TheDarkOverLord was responsible for all the extortion attempts. And not all of the affected organizations have reported these breaches. Lastly, the healthcare sector continues to struggle with discovering breaches. It took an average of 448 days for an organization to find a breach. In fact, one incident took 1,157 days or more than three years to discover a breach. “Both external and internal actors continue to threaten patient information and these breaches have often gone undetected for years, affecting thousands of patients,” the report authors wrote. “Our hope is that healthcare will begin to have conversations on how the industry can better protect the privacy of all patients and specifically devote attention to vulnerable populations.” Twitter: @JessieFDavis Email the writer: jessica.davis@himssmedia.com