Healthcare Cybersecurity Weekly Briefing 06-08-2018

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

Healthcare Security Awareness Training: The Needed Change
This November marks 20 years since I performed my first HIPAA Security Awareness Training (SAT).  I remember it vividly, because it was exactly one month after the Proposed HIPAA Security Rule was published in October ’98. It wasn’t long before I had a calendar full of SATs booked for organizations across the country that needed to comply with the new requirements. Fast forward to today and every week the news is filled with stories like those below (these two are pulled from recent editions of our IT Security News Blast) that demonstrate that two decades of SAT is not providing healthcare organizations with the cybersecurity they need.

[VIDEO] CI Security: Forged in Healthcare
Check out our latest video highlighting CI Security’s laser-focus on protecting patient care and data. Designed for healthcare environments, our MDR service, combined with expert InfoSec consulting, offers the ultimate security solution for complex healthcare environments. Our dedicated team of expert Security Analysts and best-in-class technology provides the complete cycle of threat detection, investigation, response, and recovery for our customer’s most critical systems and networks.

Ransomware Attacks Topped List of Cyber Insurance Claims
AIG said that this was a significant increase from the average of 16 percent of cyber claims coming from ransomware attacks in the years 2013-2016. The WannaCry ransomware attacks, in particular, had a devastating impact on the healthcare industry, as well as the financial services, logistics, education, and manufacturing, according to AIG stats. […] Ransomware has become increasingly commoditized with the creators of recent variants offering revenue-sharing agreements to partners. There is no guarantee that victims will get their data back, even if they pay the ransom, AIG observed.

 Top Health Lawmakers Voice Concern About HHS’s Implementation of Cyber Law
“As cyber threats to the health care sector increase in frequency and severity, it is imperative that HHS provide clear and consistent leadership and direction to the sector regarding cyber threats,” the lawmakers wrote. The lawmakers argued that the agency’s cybersecurity strategy has continued to change since HHS delivered its Cyber Threat Preparedness Report (CTPR) to the committee last April, and even that “report omitted or lacked sufficient detail on many outstanding issues.”

5 Tips to Reduce End-point Complexity, Improve Strategic Alignment
“This study helps healthcare leaders reduce hospital vulnerabilities by detailing the outcomes resulting from strategic decisions of cybersecurity development,” wrote first author Mohammad Jalali, MSc, PhD, and colleagues. “It also aids cybersecurity professionals in understanding the complexities of cybersecurity capability development in hospitals.”

 

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.