Privacy & Security
Week-long event launched Tuesday, designed to improve defense strategies for all industries.
Premier Healthcare, a physician-led multispecialty provider group based in Bloomington, Indiana, has reported a possible breach that could affect 205,748 patients after a laptop with patient data was stolen, the company announced on Tuesday.
For 1,769 of these people, social security numbers and/or financial information could also be accessed from the stolen laptop.
Premier employees discovered that the laptop was missing from the locked and alarmed administrative office of the billing department on January 4.
Although password-protected, the laptop wasn't encrypted. It contained PDF documents, spreadsheets and screenshots of patient billing issues, as well as demographic information like clinical data, date of birth and names.
According to Premier, there's no evidence the information on the laptop was the actual target of the theft or that the data has been used or accessed for fraudulent purposes. Premier said it took immediate steps to investigate and recover the laptop, including notifying patients and filing a police report.
Law enforcement has so far been unable to locate the laptop or identify the perpetrator.
"Premier has taken a number of steps to help keep this from happening in the future," Premier officials said in a statement, noting that the provider group has begun to encrypt all of Premier's computers and is reviewing the institution's protocols to protect against a repeat theft.
"Premier deeply regrets this occurred and is committed to excellent care and protecting the privacy of personal information," officials said, adding that anyone with questions about the breach can call 877-509-8356 or email HIPAA@premierhealthcare.org.
Twitter: @JessiefDavis
Cyberattackers targeted Apple users over the weekend with the first known ransomware written specifically for Apple software, according to security firm Palo Alto Networks.
Ransomware is a fast-growing threat that encrypts data on infected machines and demands that users pay a ransom in digital currencies, such as Bitcoin, to receive an electronic key so they can retrieve their data.
The most high-profile ransomware attack happened just last month when attackers struck Hollywood Presbyterian Medical Center and held its data hostage, effectively reverting the hospital back to a pre-digital state in which employees used paper records and fax machines.
While most pieces of ransomware target Windows operating systems, in this new case hackers attacked Macs through a tainted copy of a program known as Transmission, which can transfer data via the BitTorrent peer-to-peer file sharing network, Palo Alto Networks explained. Any Mac users who downloaded version 2.90 of Transmission, released on Friday, were infected with the ransomware.
“On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted,” Palo Alto Networks said on its site. “We have named this Ransomware KeRanger.”
Transmission responded by removing the malicious version of its software from its website, and on Sunday it released a version that it claims automatically removes the ransomware from infected Macs. Transmission users were advised to immediately install the new update, version 2.92, if they suspected they might be infected.
KeRanger is programmed to stay quiet for three days after infecting a computer, then connect to the attacker's command and control servers to start encrypting files so they cannot be accessed, Palo Alto Networks added.
“The malware then begins encrypting certain types of document and data files on the system,” the company said. “After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files.”
If paying the ransom seems far-fetched, hospital executives should know that’s exactly what Hollywood Presbyterian was forced to do when they settled for a $17,000 ransom.
Twitter: @HealthITNews
Nominations period open for one more week as the federal agency looks to tackle concerns over a string of high-profile breaches.
LAS VEGAS – Healthcare communication technology vendor etherFAX LLC and secure messaging systems company DataMotion have announced at HIMSS16 a partnership to deliver secure messaging and document delivery solutions for the healthcare industry. The companies have integrated etherFAX with DataMotion Direct to enable healthcare professionals to send and receive fax documents and other protected health information securely, ensuring privacy and compliance using the Direct Messaging standard.
The vendors are demonstrating the new technology at the 2016 Annual HIMSS Conference and Exhibition in Las Vegas, etherFAX in booth #12247 and DataMotion in booth #12144.
Technology from etherFAX enables secure transmission of unstructured data between fax servers, devices, electronic health records systems and health care information exchanges, with end-to-end encryption. Unstructured data such as medical notes, authorizations, protected health information and color documents can be transmitted at high speeds.
DataMotion Direct, part of the DataMotion platform, enables healthcare providers to send and receive protected health information with other Direct address holders to comply with HIPAA, enhance health information exchange, meet meaningful use requirements and enhance care coordination communications, the vendor said. Based on the national encryption standard for securely exchanging clinical healthcare data via the Internet, DataMotion Direct enables secure messaging for healthcare providers, patients, business associates and clinical systems, the vendor added.
The new combined technology expands the connected reach of Direct Messaging to the large number of providers reliant on fax technology for exchanging patient information with other care providers and facilities, the vendors said.
“Fax remains a mainstay technology in healthcare, partly as a holdover from the era of paper-based medical records and partly due to HIPAA regulations preventing unsecure electronic communication like e-mail,” DataMotion chief technology officer Bob Janacek said. “Direct messaging overcomes HIPAA risks and other interoperability issues that have held back electronic communication in healthcare. Its adoption has accelerated with more than 40 million Direct messages sent in 2015. Integrating Direct messaging with fax will increase the adoption of Direct and we expect to see more integration into clinical workflows and EHRs as a result.”
Twitter: @SiwickiHealthIT
This story is part of our ongoing coverage of the HIMSS16 conference. Follow our live blog for real-time updates, and visit Destination HIMSS16 for a full rundown of our reporting from the show. For a selection of some of the best social media posts of the show, visit our Trending at #HIMSS16 hub.
(SPONSORED) At Lenovo, we focus on the product security and what goes into the supply chain. We pay attention to all of the HIPAA regulations--even on returned products--because we want to ensure that you can really trust your product.
Adam H. Greene, partner, Davis Wright Tremaine, says education, discretion can help reduce privacy infractions.
(SPONSORED) One of the key trends will continue to be increased cloud adoption by enterprises and organizations.
The institute claims there are 10 tech safety hazards that all hospital leaders must beware.
LAS VEGAS – ClearDATA unveiled Wednesday at HIMSS16 a cloud-based system designed to monitor HIPAA compliance levels throughout a healthcare organization’s IT environment. The ClearDATA Active Compliance and Security Monitoring Dashboard offers providers, pharmaceutical organizations, payers and their business associates transparency to quickly identify and remediate physical, technical and administrative safeguards that have drifted out of compliance in their IT settings, the vendor said.
The dashboard is designed to provide healthcare organizations with a view into one of their most vulnerable environments for a data breach, their IT ecosystem, ClearDATA said. Using the dashboard, technology and security professionals can view their organizations’ compliance levels across configuration scanning, log-in and log monitoring, log retention, patch-level reporting and backup validation, with additional standard and custom checks added weekly, the vendor said.
Each check is mapped to specific HIPAA security safeguards – should systems drift from compliance, the dashboard enables customers to view individual system details to best understand what steps are needed for remediation, the vendor said.
In the wake of an actual breach, the first question organizations are asked is whether they can provide a full accounting of all their protected health information, including where it is stored and who has access to it, ClearDATA explained. The ClearDATA Active Compliance and Security Monitoring Dashboard gives insight into this data inventory, while also proving the extent to which measures are in place to protect it, the vendor said.
“Healthcare IT and security professionals have never been so challenged as they are today with meeting HIPAA compliance standards and preventing a data breach at their organization,” said Darin Brannan, CEO of ClearDATA. “The dashboard offers these professionals a tool that rapidly pinpoints where security vulnerabilities exist, including in the context of a HIPAA compliance audit.”
Twitter: @SiwickiHealthIT