Healthcare Cybersecurity Weekly Briefing 02-02-2018

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

7 Breach Notification Processes That Must Be Followed 
The breach notification rule requiring HIPAA-covered entities and their business associates to provide public notification following a breach of unsecured protected health information has been around since 2009. But with the industry besieged with ransomware and warnings that it will increasingly get worse during 2018, it’s time for a refresher course on complying with the rule’s provisions, courtesy of guidance from the Department of Health and Human Services, which enforces the rule.

 

Report: Number of Cyber Incidents Doubled in 2017, Yet 93 Percent Could Easily Have Been Prevented
Out of nearly 160,000 reported cyber incidents affecting businesses in 2017, 93 percent could have been prevented by following basic security measures such as regularly updating software, blocking fake email messages, using email authentication, and training employees, a new report claims.

 

Norway’s Data Breach: Lessons for the US Healthcare Industry
Despite the size of the breach, the healthcare provider acted swiftly to mitigate damage, send out notifications, and activate their incident response plan. Additionally the hospital network worked with vendors and trusted partners to expedite the mitigation of the data breach. While this incident did happen in Norway there are some critical lessons that healthcare organizations in the U.S. can take away from this situation.

 

With iOS 11.3, Apple Looks to Unite Patients and Their Healthcare Data
Last week, Apple announced the update to the Health app with the iOS 11.3 beta, enabling mobile users to see EMRs on their iPhone. The updated Health Records section within the Health app brings together hospitals, clinics and the existing app to make it easy for users to see available medical data from multiple providers whenever they choose.

 

Florida Practice Sues Allscripts After Ransomware Attack 
Surfside Non-Surgical Orthopedics has filed a class-action suit against Allscripts alleging the company didn’t protect against a ransomware attack to its cloud-based applications. The Jan. 18 attack caused clients to lose access to the applications, reported Fierce Healthcare. The Boynton Beach, Florida-based practice alleges that Allscripts knew of issues with its systems, but did not fix the problems despite knowing about the threat, which ultimately led to the access issues this month.

 

Hospitals Warned: Imaging Devices Open to Cyberattacks
In their paper “Know Your Enemy: Characteristics of Cyber-Attacks on Medical Imaging Devices,” the researchers show the relative ease of exploiting “unpatched” medical devices whose owners and operators don’t download ongoing security updates. The devices include computed tomography (CT) and magnetic resonance imaging (MRI) machines. Hackers can also block access to MIDs or disable them altogether as part of “ransom attacks.”

 

Avoiding the Epidemic of Hospital Hacks
On January 9, 2005, the Donttrip malware infection hit Northwest Hospital, a large medical facility in Seattle that served thousands of people. The malware clogged up the hospital’s network systems with surges of exploit network scanning. Medical operations ground to a halt as laboratory diagnostic systems couldn’t transfer data. […] That was over 12 years ago. Have things improved?

 

Cyber Security Looming Larger for Med Practices 
Smaller practices also are ideal targets because they might consider themselves below hackers’ radar, and often they don’t have the infrastructure to support a large IT staff. “Physicians don’t go into medicine to become information technology security professionals, so on one hand, it’s a matter of lacking security resources of all types. But mostly it’s a lack of awareness that they are vulnerable, too,” Mr. Piechowski said.

 

How Healthcare Organizations Can Reduce Cyber Extortion Risk
“Implementing and testing robust contingency and disaster recovery plans to ensure the organization is capable and ready to recover from a cyber-attack,” will help organizations reduce their changes of being a cyber extortion victim. Additionally, robust audit logs should be implemented. Healthcare organizations need to regularly review their audit logs for any suspicious activity.

 

Healthcare’s Secret Weapon for Securing the IoMT
Real-time threat detection is made possible by SIEM solutions because they gather data and analytics from every solution deployed across the network to secure and protect it. This information is then cross-correlated and stored in a single location, providing healthcare IT teams with greater visibility into security incidents happening anywhere across the distributed network environment. But detecting a threat isn’t enough. It’s just as important that IT teams have a mitigation plan in place in order to immediately and automatically respond once the SIEM detects a security incident.

 

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.