Healthcare Cybersecurity Weekly Briefing 03-09-2018

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

What You Can Do About Patient Safety’s Latest Threat—Cyberattacks
The AMA is using the survey data to look “at how we can encourage the federal government to provide positive incentives to physicians who start to really integrate good cyber practices” when providing patient care[.] Those incentives are based on the long-overlooked physician perspectives captured in the survey, combined with HIPAA’s own standards of “reasonable and appropriate” solutions in other contexts.

A Risk-Based Security Approach Helps Healthcare Protect Data Beyond HIPAA
Obligations under Health Insurance Portability and Accountability Act (HIPAA) and other regulations often leave a healthcare organization implementing security controls in “check-the-box” mode. While this approach may lead to improved security, it fails to look at the operation in a comprehensive manner. Regulatory bodies have narrow scopes of interest, designing regulations specifically to protect the confidentiality of certain pieces of regulated information.

Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds 
29 percent of respondents did not know what actions an organization took once a cyber attack or data breach was resolved. Technology upgrades were seen by 15 percent of respondents and training was improved at another 14 percent. Staffing or leadership were changed in a combined 17 percent of respondents’ organizations. Another 24 percent responded that they didn’t have a breach.

Most Healthcare Organizations Have Been Breached, Report Shows
Out of the 70% that have been breached so far, the report reveals 36% have been breached in the past year alone, and that as result 55% of respondents feel “very” or “extremely” vulnerable to data breaches. According to the report, while digital transformation is enabling better healthcare through increased efficiency at lower cost, at the same time it is introducing more security risks through the use of cloud, big data, internet of things (IoT) and containers to create, manage and store data.

Healthcare Experiences Twice the Number of Cyber Attacks As Other Industries
The cybersecurity maladies afflicting healthcare manifest themselves in several ways:
·       M&A Activity Creates Vulnerabilities
·       Threat Volume
·       Threat Velocity and Variety
·       New Challenges Arising from IoMT
·       Encryption and the Need for Inspection

Healthcare Leaders Admit Serious Gaps in Data Breach Response, Survey Finds 
In a survey of 154 healthcare and life sciences leaders, KPMG found that more than half (51 percent) of respondents said that written operating procedures about how to respond to a cyber attack either don’t exist or they are unaware of what those standards are for responding to varying types of cyber events and elevated incidence that impact an organization.

 

Healthcare Ransomware Attacks Threaten Patient Safety
Of course, the traditional cybersecurity specter is still hovering: hacker-triggered health data breaches that have terrorized healthcare organizations since electronic health records proliferated in the industry in the 2000s. […] Not so with healthcare ransomware attacks. Patients’ physiological health is at stake here — even if patients are only collateral damage in cybercriminals’ blackmail campaigns and there’s no evidence of any concerted attack on a specific person.

 

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.