Healthcare Cybersecurity Weekly Briefing 12-22-2017

Critical Informatics Healthcare Cyber Security

The C-Suite Needs Cyber Bootcamp
Not only are financial executives highly likely to become a target, the risk associated is greater. Financial executives in particular have access to the bank account as well as critical business intelligence about pending deals and that could easily be leveraged from an extortion perspective. […] Despite the fact that c-suite executives are frequent targets, organizations often exclude them from cyber security training or under-prepare them for an attack.

 

The Financial Cost of a Data Breach to Your Business
Although it may not hit you right away, your company’s damaged reputation is likely to cost you the most in the long run. According to Security Metrics, many businesses have documented losing up to 40% of their revenue from customers after a breach. Whichever way you look at it, customers losing faith in your brand will cost you financially, and it may take years to rebuild their trust.

 

Why Incident Response is the Best Cybersecurity ROI
Most organizations will suffer one or more major security incidents in which an attacker has administrative control over the IT systems that enable business processes and storing critical data, according to the Microsoft Incident Response Reference Guide. Business leaders and IT executives aren’t expected to entirely prevent cyber attacks, but they’re expected to react immediately and manage the fallout.

 

Black Book: 84% of Hospitals Lack a Dedicated Security Leader
“These results may not be all that surprising, however, considering some of the new solution providers are offering passive monitoring for their networks and the upfront costs have been dramatically slashed,” Brown said. Still, a whopping 92 percent of the C-suite executives surveyed said cybersecurity and the threat of data breach are not major talking points with their board of directors.

 

HHS Struggles with Cybersecurity, OIG Finds
The OIG found problems with both the management of the systems and access control. “It’s hard not to think that HHS’ internal security is a mess,” said Chris Hart, an attorney with Foley Hoag. “It’s disconcerting given the fact that HHS has a cyberunit that is intended to help hospitals and healthcare companies with their own cybersecurity systems.”

 

Prediction: Health Care in the Security Crosshairs in 2018
The report found that the health care industry has a weak security posture overall and this is escalating risks at a time when threats are getting more sophisticated. There is also a surprising lack of security awareness in the health care industry, especially when you consider a cyber attack could result in life or death situations. As the report stated: The healthcare industry’s poor security posture makes it susceptible to the most basic opportunistic attacks.

 

8 in 10 Healthcare Organizations Lack Chief Cybersecurity Officer 
Providers have also been slow to adopt cybersecurity best practices, the survey shows, with more than half (54%) of respondents conceding they don’t routinely conduct risk assessments. Despite a growing number of cyberattacks on hospitals and health systems, 92% of healthcare leaders said cybersecurity and the threat of a breach is not a major focus with their board of directors. And just a fraction said funds are being budgeted for cybersecurity in 2018.

 

Protecting Healthcare From Cyber Attack
Standardized cyber identity credentials are a form of code. Those compliant with the SAFE-BioPharma standard assure strong trust that the code has been issued following a detailed protocol that checks and confirms the individual’s actual identity. Once activated, the credential requires use of multi-factor authentication to be accepted by computer systems programmed to participate with the standard.

 

Cyber Insurer to Cover Bankrupt Cancer Clinic’s $2.3M HIPAA Fine 
OCR has repeatedly said that it doesn’t wish to put organizations out of business when issuing these fines, but privacy attorney Adam Greene of law firm Davis Wright Tremaine, who was not involved in the case, told Healthcare Info Security that “when things might be tough financially, OCR clearly still expects the organization to put significant resources into privacy and security.”

 


====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.
