Healthcare Cybersecurity Weekly Briefing 5-26-2017

Healthcare Among Industries Most Vulnerable to Cyberattack

“Is cyber risk systemic?” […] The survey, which polled cybersecurity, technology, and insurance professionals in the United States, the United Kingdom, and Continental Europe, found that more than half of survey respondents said a simultaneous attack on five to 10 companies is highly likely in the next year. More than one-third estimated the likelihood of a simultaneous attack on as many as 50 companies at greater than 50%. Some even predicted that as many as 100 companies could be attacked.

WannaCry Responsible for Infecting Medical Devices

It is not surprising that Internet-connected medical devices are vulnerable to cyber attacks. There have been several cases in the recent past in which cyber criminals took over life-saving devices and held them to ransom. […] Initial reports said that it was mainly the management systems that were affected. Later, however, the Health Information Trust Alliance in the U.S. stated that medical devices had also been infected. This is because these devices were connected to the infected networks and had Windows running on them. Therefore, WannaCry was able to spread to these devices.

HHS Reiterates OCR Ransomware Guidance After Recent Attack

HHS sent an email reminder to Healthcare and Public Health Sector (HPH) organizations about OCR’s guidance released in 2016. “OCR presumes a breach in the case of ransomware attack,” HHS warned. “The entity must determine whether such a breach is a reportable breach no later than 60 days after the entity knew or should have known of the breach.” Additionally, asking law enforcement to hold reports tolls the 60-day reporting deadline.

OIG Notes Va. Medicaid Information Security Vulnerabilities

An Office of Inspector General (OIG) audit found the Virginia Medicaid Management Information System (MMIS) to have information security vulnerabilities. “Virginia did not adequately secure its Medicaid data and information systems, which potentially compromised the integrity of its Medicaid program and could have resulted in unauthorized access to and disclosure of Medicaid beneficiary information,” OIG stated in its report.

West Virginia Reorganizing State’s Cyber Security Effort 

In an executive order, Justice has also directed the West Virginia Office of Technology to conduct risk management oversight to ensure cyber security of electronic records. Under the order, the board will maintain the State Privacy Office responsible for issuing policies and conducting assessments. It was previously organized under the Department of Health and Human Resources’ Health Care Authority. The order, signed last week, says it’s also imperative for the state to engage with its business partners to protect West Virginians’ privacy.

Cyber Security a Priority for Utilities

Muhammed Khan, a security infrastructure specialist at the Health Authority – Abu Dhabi, said that IoT devices will hit the 20 billion mark by 2020, which means a surge in an entire illicit network. “The criminal network has begun offering ransomware as a service, enabling anyone to extort their favourite targets,” Mr Khan said. But a breach at a power utility is a national security issue as it can involve overriding commands for a nuclear power plant, or shutting off the power supply, which can hurt the economy.

Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.