Healthcare Cybersecurity Weekly Briefing 12-01-2017

Critical Informatics Healthcare Cyber Security

Soaring Cost of Cyber Attacks Raises Concerns for Boston Healthcare Industry
Responses revealed just one successful cyber attack was responsible for costing organizations over $5 million on average, or roughly $300 per employee. Loss of IT and end-user productivity was listed as the most costly consequence of successful endpoint attacks, with system downtime and theft of informational assets following closely behind.


Survey: Financial Costs of a Cyber Attack Increasing Year Over Year 
The survey found that 21 percent of enterprises report that monetary losses from cybersecurity events have increased year over year. In fact, enterprise organizations estimate financial losses at an average of $884,000, compared to estimates of $471,000 from the previous year.


Healthcare Group Pushes for Tighter Email Security Amid Fears Over Fraud
The email protocol was not designed to check if the return address on a message is accurate. Anyone using email can place any name or email address on a message. NH-ISAC will make its members pledge in 2018 to use DMARC, an add-on protocol that ensures unauthorized people cannot send emails from a particular domain.


Cottage Health System Fined $2M for 2 Separate Data Breaches Linked to ‘Basic’ Security Failures
A California health system has agreed to a $2 million settlement with the state attorney general to settle claims that it failed to implement basic security protocols, which led to the exposure of nearly 55,000 medical records. […] In the first incident, which stretched from 2011 to 2013, patient information was accessible and searchable online without any encryption, password protection or firewall in place to prevent unauthorized access. More than 50,000 patient records were accessed by the time the security flaws were discovered.


OpenEMR Flaw Leaves Millions of Medical Records Exposed to Attackers
The vulnerable component is the setup.php installation script, which allows users to easily install the application through a web browser. Isaac Sears, who released details and exploit code for another SQL flaw involving the setup.php script in late October, found that it could allow unauthenticated remote database copying because it exposes functionality for cloning an existing OpenEMR site to an attacker-controlled MySQL server.


House Asks HHS to Develop Healthcare Cyber Risk Plan
A bill of materials (“BOM”) is a list of each component, including software components, and any known risks associated with a component of a piece of medical technology. The idea behind the request is that a BOM could potentially provide visibility on cybersecurity risks for health care organizations that use such technologies. Healthcare organizations, such as hospitals, may then use the BOM to assess and mitigate their own cybersecurity risks.


Security & Privacy in the Era of Digital Health
According to Accenture, “25 percent of patients impacted by healthcare provider data breaches between 2015 and 2019 — more than 6 million people — will subsequently become victims of medical identity theft. Sixteen percent of impacted patients—more than 4 million people—will be victimized and pay out-of-pocket costs totaling almost $56 billion over the next five years.”





Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.