Healthcare Cybersecurity Weekly Briefing 6-9-2017

Healthcare Hacking Leading Cause for 2017 Incidents

Cybersecurity issues continue to plague the healthcare industry, so it should come as no surprise that healthcare hacking and IT incidents account for the majority of large-scale incidents in 2017. […] These reported incidents are all in the OCR data breach reporting tool, which does not necessarily account for all security incidents that have taken place so far in 2017. For example, the WannaCry ransomware attack from May 2017 affected numerous countries, with reports of US medical devices potentially being affected.


HHS Task Force Wants Cybersecurity Treated as a Patient Safety Issue

The task force called for a new healthcare-specific cybersecurity framework and for amendments to the Physician Self-Referral Law and the Anti-Kickback Statute to make it easier for large health systems to assist smaller practices with their cybersecurity. “Cybersecurity has historically been treated as an IT issue,” Emery Csulak, co-chair of the task force, said during a conference call with reporters. “We want to make sure it’s treated as a patient safety issue.”


Health Care: Cybersecurity in an Insecure World

Health care falls prey to cybersecurity threats for, arguably, three main reasons. First, records remain consistently valuable to criminals: any random “health care record” could contain a smattering of personal information, including Social Security numbers, driver’s license numbers, and marital status alongside PHI.  […] Second, health care records exist in multiple forms depending on the entity. Digital records can be housed on networks and devices, and paper records are still common in many facilities. […] Third, access control is a balancing act. As this type of information must be accessible quickly if necessary, it is difficult to add on security procedures as an afterthought if they have not been baked in beforehand.


Federal Task Force: Here’s How to Fix Healthcare Cybersecurity

“It’s not just that small- and medium-sized businesses lack funding to incentivize talent. It’s not just the growing lack of talent or encouraging people to go to rural locations. It’s all of them,” Corman said. Though the Health Insurance Portability and Accountability Act (HIPAA) requires healthcare offices to designate an employee in charge of information privacy, many have no training in cybersecurity. Some offices only employ staff in the single digits, meaning an investment in a new full-time worker to handle information security would be an untenable investment.


Healthcare Cybersecurity Task Force Finds 6 Imperative Areas

  • Define and streamline leadership, governance, and expectations for healthcare industry cybersecurity
  • Increase the security and resilience of medical devices and health IT
  • Develop the healthcare workforce capacity necessary to prioritize and ensure cybersecurity awareness and technical capabilities
  • Increase healthcare industry readiness through improved cybersecurity awareness and education
  • Identify mechanisms to protect R&D efforts and intellectual property from attacks or exposure
  • Improve information sharing of industry threats, risks, and mitigations


Mental Health Data Security Critical in HIPAA Compliance

Without proper mental health data security, organizations could suffer a data breach and put sensitive information at risk. How does mental health data security differ from regular PHI security? Are providers able to share information with family members and caregivers? What information are providers permitted to disclose to law enforcement, and for which situations is this allowed?



Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.