Healthcare Cybersecurity Weekly Briefing 01-19-2018

Critical Informatics Healthcare Cyber Security

Hackers Increasingly Target Patient Records as HCPs do Little to Protect Data – Research
The data also reveals a worrying disconnect between healthcare professionals’ confidence in protecting sensitive patient data and the actual protection of that data. Some 48% of RNs and 57 percent of administrative staff say they are “very confident” their institution can safeguard patient records against potential data theft. At the same time, only 25 percent of RNs and 40 percent of administrative staff cited data security & privacy improvements over the past year.

 

Hospital Hit by Ransomware: Attackers Demand Bitcoin to Release Control of System
The attack was not the result of an employee opening a malware-infected email, a common tactic used to hack computer systems, he said. The attack was sophisticated, he said, adding FBI officials are familiar with this method of security breach. “This was not a 15-year-old kid sitting in his mother’s basement,” Long said. Notices posted Friday at entrances to Hancock Regional Hospital alerted visitors to a “system-wide outage” and asked any hospital employee or office using an HRH network to ensure all computers were turned off.

 

The Worst Healthcare Cybersecurity Breaches of 2017
A Department of Health and Human Services (HHS) Healthcare Industry Cybersecurity Task Force report to Congress in June found that digital security is in “critical condition.” According to the Protenus Breach Barometer, at least 1 breach occurs in the healthcare sector every day. Until now, healthcare has “benefited from relative obscurity while no one was paying attention,” said Joshua Corman, a member of the task force and chief security officer at the software company PTC. “WannaCry shattered that obscurity.”

 

‘Hacking Incident’ Impacts Nearly 280,000 Medicaid Patients
“On Nov. 7, 2017, we learned an unauthorized third party had gained access to folders on the OSUCHS computer network,” the notification letter says. “These folders stored Medicaid patient billing information. On Nov. 8th, we took immediate action to remove the folders from the computer network and terminated the third-party access. We also launched a thorough investigation, including hiring an independent data security firm. The firm assisted us in determining whether the folders had been compromised.”

Why Healthcare CISOs Need to Revamp Cybersecurity Training
It is important for healthcare security teams to train together to defend against the top threats like ransomware. Teams that consistently practice their skills—particularly threat identification and incident response tactics—as an integrated team are more confident, quick and effective in their response to cyberattacks.

 

Healthcare Records of Three Million Norwegians Compromised in “Professional” Cyber Attack
Nilsen said that the data could have been hacked to use for cyber espionage, or perhaps it is likely to be used by someone who provides services based on healthcare information. However, as the health records would also include people who work in government, secret services, military and intelligence staff, politicians and other public individuals, there are some that believe the data could be used for other purposes.

 

Hancock Health Ransomware: Attacking Through the Supply Chain
After payment of four Bitcoins, worth approximately $55,000, the files were released and hospital operations were restored. Hospital leaders learned that the hacker used an administrative account set up by one of the hospital’s vendors to gain unauthorized access to a system managed by the vendor and infected its systems with the SamSam ransomware variant.

 

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.