Healthcare Cybersecurity Weekly Briefing 12-29-2017

Critical Informatics Healthcare Cyber Security

Critical Informatics Healthcare Cyber Security

Fla. Health Clinic’s Cyber Insurer to Pay $2.3M HIPAA Settlement 
“Normally, the covered entity would pay the settlement or fine and would get reimbursed by the insurer,” Green told Healthcare Info Security. “Here, OCR is going directly to the insurer to receive the payment, which is likely in large part because the covered entity is in bankruptcy proceedings.”

 

Risk Assessment: Expert Tips for Combating Ransomware, Identifying Search Results Malware
Cybersecurity experts who have been plowing through this era of nonstop attack attempts have learned a lot along the way. And some of those professionals are glad to share the lessons they’ve learned in order to help other healthcare organizations avoid a crippling attack.

 

Maintain HIPAA Safeguards, Healthcare Cybersecurity on Vacation
Individuals should bring their own power adapters and cords, the agency warned. Malware could be installed onto hotel lamps, airport kiosks and other public USB charging stations. If employees do not have access to their own charger or adapter, then they should power down their device before connecting it to a public charging area.

 

Healthcare CISOs: Master These Skills, Delegate the Rest
“What CISOs should do is what other executives do: Build a team of specialists, and seek outside expertise in the form of industry analysts, consulting and professional services, and managed security services, to provide the expertise the CISO needs as it arises,” he said. […] When it comes to staffing up, CISOs need to be keenly aware of their organization’s needs and shortcomings and of areas where they themselves need help.

 

Crafting a Strong Healthcare Cybersecurity Action Plan
Smaller healthcare organizations, such as rural hospitals or single-physician practices can find it much more difficult to maintain HIPAA compliance, said AHIMA IG Advisors Senior Director Kathy Downing, MA, RHIA. “Often times, those smaller organizations can’t necessarily hire full-time staff to manage privacy and security,” Downing told HealthITSecurity.com. […] Larger organizations cannot always prevent hacks either, which shows how much more difficult it could be for the small facilities, she said.

 

A Look into the Crystal Ball: Cybersecurity Predictions for 2018 
“We expect more exploitation of information as a weapon for financial, political and other gains. As we’ve seen numerous times, including with Equifax this year, these breaches can have a huge reputational and financial impact. Cybersecurity professionals must be prepared to stay ahead of malicious actors to ensure they are not gaining entry to sensitive files and email communications,” concludes Ferrante.

 

Rapid Growth in Security Market Raises Question: How to Pick a Startup
Before plunging into a contract to secure solutions or services from a cybersecurity startup, organizations should ask these five key questions:
·       When did your organization receive its last funding round and did it come from existing investors?
·       Who are your investors?
·       Can you tell me about your management team and their experience in this industry and running a startup?
·       How long has each of your management team members been with the company and did they replace someone?
·       Can you provide me a customer list and tell me the last time you signed up a customer?

 

Five Steps to Greater Cybersecurity In Health Care Organizations
Health care organizations can take several straightforward measures to preserve cybersecurity, but hospitals and health systems do not always follow these protocols. Unfortunately, some high-profile organizations have experienced data security lapses in which protected health information (PHI) has been exposed. Although no electronic system is completely impenetrable, here are five steps organizations can employ to help limit the likelihood of a breach[.]

 

Cyberattack Forces New York State Hospital to Run on Downtime Procedures
A cyberattack disrupted computer systems at Jones Memorial Hospital (JMH) in Wellsville, N.Y. on Thursday, the Buffalo-area health care facility has announced on its website. While the hospital did not state the nature of the incident, the circumstances sound similar to previous ransomware attacks against health care providers. According to the hospital, patient financial or medical information did not appear to be compromised, but a “limited number of our information services” were rendered inoperable.

 

Stay up to date on the Healthcare Information Security news that you need to know by signing up for our Healthcare Briefing Here.

====

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.