Healthcare Cybersecurity Weekly Briefing 02-23-2018

Critical Informatics Healthcare Cyber Security

[INFOGRAPHIC] Inside the Mind of a Threat Actor: Tactics, Techniques, and Procedures Explained
They lure their victims with the bait of a seemingly innocent email or landing page in an attempt to steal their user credentials. And they only need to succeed once to get in. Once they have hooked their victim, a cybercriminal can literally take over an entire network in a matter of minutes. Or worse yet, they can lurk quietly on a connected device for months, unbeknownst to the IT team, plotting how to extract the most profit and/or cause disruption from the now compromised network.

 

Penn Medicine CISO: 3 Strategies Every Security Team Should Have
Information Security leaders need to use this new level of awareness as an opportunity to implement some of the fundamental security controls that are no-brainers to an outsider, but require an extraordinary amount of coordination, support, and understanding from the business.
· Patch management.
· Cloud Security.
· Email Protection.

 

Study in the American Journal of Managed Care® Takes a Closer Look at What Types of Hospitals Have Data Breaches
Among other findings:
· During the 7-year study period, 215 breaches affecting 500 or more people took place in 185 nonfederal acute care hospitals; 30 hospitals had more than one breach, and one hospital had four breaches.
· Teaching hospitals and pediatric hospitals were more likely to experience breaches.
· Larger hospitals (more than 400 beds) were more likely to have breaches than small (less than 100 beds) or medium hospitals (100 to 399 beds).
· Investor-owned hospitals (for-profit) were less likely to have a data breach.

 

How the FTC Act, HIPAA Privacy Rule Impact Healthcare Orgs
Essentially, healthcare organizations must ensure that all of their statements to consumers are HIPAA compliant and also adhere to the FTC Act. For example, a provider cannot bury important information in its privacy policy or terms of use. This could be done by requiring a patient to click on a “patient authorization” link to learn more about how her information will be made viewable to the public. Once the link is clicked, the patient has “given permission” for her data to be used.

 

Healthcare, Pharma, and Biotech Organizations Report High Levels of Fraud, Cyber and Security Incidents
An overwhelming majority of respondents stated that customers had been negatively impacted by all three risk factors – 92% by a fraud incident, 92% by a cyber incident, and 80% by a security incident. A similar proportion said that the impacted company’s reputation had suffered due to a fraud (90%), cyber (75%), or security (74%) incident.

 

Life-saving Pacemakers, Defibrillators Can Be Hacked and Turned Off
It is also worth noting that heart devices that require software to run or depend upon wireless communications are most likely to be vulnerable to hack attacks and these attacks can be life-threatening for the patients. These devices are hacked for political or financial benefits. Therefore, doctors and government regulators must implement ‘aggressive’ methods to prevent hack attacks to ensure the safety of patients.

 

Healthcare Providers Battling Cyber Attackers
Health care IT experts say these incidents are part of a constant digital skirmish taking place across computer networks as criminals, terrorists, “hacktivists” and sometimes even foreign nations attempt to access patient records and employee information and, sometimes, even hack into medical devices.

 

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.