Privacy & Security

By Jessica Davis | 11:51 am | April 11, 2016
Multi-agency collaboration aims to help app developers stay aware of consumer privacy and safety protections, while still enabling innovation, officials say.
By Jessica Davis | 05:56 pm | April 08, 2016
The Government Accountability Office discovered vulnerabilities in three states and said that other state-run health insurance exchanges may be at risk too.
By Bill Siwicki | 09:04 am | April 08, 2016
Security chief Meredith Phillips says the health system reorganized internally to more effectively manage and secure 60,000 medical and Internet of Things devices, and to strongly position itself to handle evolving threats, such as ransomware.
By Tom Sullivan | 08:52 am | April 07, 2016
New research by Healthcare IT News and HIMSS Analytics found considerable uncertainty, questionable business continuity plans, and the need for more effective end-user education rampant in the industry. 
By Bill Siwicki | 07:59 am | April 06, 2016
It's now easier than ever for criminals to get into hospital networks, and ransomware is on the rise. Cybersecurity experts offer advice to help hospitals beat back the hackers.
By Bernie Monegain | 05:40 pm | April 05, 2016
An employee of the Office of Child Support Enforcement was using a personal machine to conduct audits, and the laptop, which was stolen, might have contained millions of records with personal health information.
By Jessica Davis | 03:14 pm | April 05, 2016
With the recent surge in ransomware attacks, cybersecurity is a top priority for healthcare organizations across the nation. But even if providers have top security measures in place, there's another component to consider: the vulnerabilities of third- and fourth-party vendors.

Almost three-quarters of businesses said cybersecurity incidents related to vendors are increasing, according to a recent Ponemon Institute survey, requested by BuckleySandler and Treliant Risk Advisors. About half of the respondents said their organization experienced a data breach caused by a vendor, but 16 percent of respondents were unsure if a breach had occurred. And another 65 percent said managing cybersecurity incidents involving vendors is difficult.

"The type of risk we're seeing now is changing in response to our evolving data-driven economy," Rena Mears, managing director of BuckleySandler, said in a statement. "The risk to strategic data assets extends beyond any single third-party, but rather to the web of relationships that comprise the data ecosystem."

More than a third of businesses don't believe their third-party vendors would notify them if a data breach occurred. And a staggering 73 percent of respondents don't believe a fourth-party vendor would contact them regarding a data breach. A fourth-party vendor is often hired by the third-party vendor.

Survey respondents admitted their organizations shared sensitive data with third-parties that may have poor security policies in place. More than half said they weren't able to determine the safeguards in place by their vendors to prevent a data breach and 60 percent of respondents said their organizations don't monitor their vendors' security and privacy practices. Only 41 percent said their vendors' safeguards were sufficient.

"The inability of so many companies to confirm whether third-parties have had a data breach or cyberattack involving sensitive and confidential information should be a wake-up call for businesses across all industries," said Susanna Tisa, chief business officer of Treliant Risk Advisors, in a statement.

"To mitigate this risk, companies should compile a comprehensive inventory of and conduct data and privacy risk assessments for all third-party vendors," Tisa added. "However, we found few companies represented in this research, in particular those outside the regulated banking sector, have done so."
By Bernie Monegain | 10:46 am | April 05, 2016
The agencies are looking for ways to use a single credential for accessing health records across multiple providers. The identity solution must enhance privacy and security, be interoperable and cost-effective, officials say.
By Jessica Davis | 12:38 pm | April 04, 2016
The Samsam and Maktub Locker malicious code programs attack vulnerable patches and spread to all systems connected to a network.  
By Mike Miliard | 11:55 am | April 04, 2016
The steady drumbeat of ransomware attacks continued this past week with new reports of two hospitals forced to fight off malware that froze IT systems.

San Diego-based Alvarado Hospital Medical Center was hit by a "malware disruption" on March 31, the San Diego Union-Tribune reports. A spokesperson for the 306-bed hospital confirmed the cyber attack, but would not say which systems had been affected.

Alvarado was the third hospital owned by Prime Healthcare Services to be hit with malware in March; Chino Valley Medical Center and Desert Valley Hospital had also been affected by viruses but were able to recover systems with minimal disruption and without having to pay ransom.

For its part, Alvarado said it had taken "extraordinary steps to protect and expeditiously find a resolution to this disruption," according to a statement provided to the Union-Tribune, but offered little other detail except to say patient and employee records had not been compromised.

"The hospital remains fully operational, and no patients have been turned away. All significant clinical systems needed for operations are fully functional," said hospital spokesperson Laura Gilbert. "Our IT team took great efforts to protect and restore our systems and a ransom was never paid."

Meanwhile, another hospital, this one in southeast Indiana, said it proactively powered down all its computer systems on Wednesday, after discovering that a single employee's file had been infected with the Locky ransomware virus.

King's Daughters' Health officials told Indiana's WSCH radio that patient data was secure and had not been compromised, and that it would restart its computer systems once it is safe to do so. In the meantime, KDH is using manual processes to continue operations.

Linda Darnell, the hospital's senior director of IT, told the station that ongoing staff education about these evolving cyber threats had helped employees act quickly to contain the Locky virus once it was found.