Healthcare Cybersecurity Weekly Briefing 7-14-2017

Critical Informatics Healthcare Cyber Security

Overcoming File Sharing, Healthcare Cloud Security Concerns
Potential file sharing and healthcare cloud security risks must be addressed in covered entities’ and business associates’ risk analyses, according to the latest OCR cybersecurity newsletter. These collaboration tools can greatly benefit organizations, but the possible privacy and security risks cannot be ignored. Risk management policies and business associate agreements (BAAs) should also review any file sharing or cloud computing options to ensure PHI security, OCR maintained.

What Hospitals Using Cloud Storage Should Know About Verizon’s Data Breach
The cause of the breach? An employee unchecked a box, which made the database public. Amazon makes the default setting private for all cloud storage. […] These issues highlight the need for hospitals to exercise caution when uploading data to the cloud, as user error is a major issue. Cybercriminals — who make a living off these vulnerabilities and exposed databases — are constantly surveying the internet to find flaws and sell the data on the dark web.

OCR Responds to Rise in Health Care Cyber Attacks
In addition to reporting to OCR as soon as possible any breach of protected health information (PHI) affecting 500 or more individuals, OCR recommends in its checklist that a health care organization experiencing a cyberattack or similar emergency do the following:

  • Execute its response and mitigation procedures and contingency plans;
  • Report the crime to other law enforcement agencies; and
  • Report all cyber threat indicators to the appropriate federal and information-sharing and analysis organizations.

Think Twice Before Ignoring FDA Cybersecurity Guidance
FDA late last year published new guidance documenting postmarket management of cybersecurity in medical devices. It seems prudent to recognize this guidance for exactly what it is: a wake-up call for the medical industry that we are in the 21st century and the potential for hacking any medical device, whether it is connected to a network or not, is a problem that must be taken seriously.

56% of Healthcare Providers Plan to Invest in Data Breach Protection, Says Netwrix Survey

  • 68% of healthcare providers do not have a separate cybersecurity function.
  • 56% of healthcare organizations perceive employees to be the biggest threat to system availability and security.
  • 56% of healthcare organizations plan to invest in security solutions to protect against data breach.

Global Survey: 95 Percent of Healthcare Orgs Don’t Use Security Governance or Risk Management Software
What’s more, the survey found that 79 percent of IT operations are at least partially responsible for security, and 68 percent of healthcare providers do not have a separate cybersecurity function, which means the responsibility for security-related tasks will most likely fall on the IT operations teams. Only 31 percent of healthcare organizations claim to be well prepared to beat IT risks, and more than half (56 percent) of healthcare organizations plan to invest in security solutions to protect against data breaches, the survey found.

Healthcare Cyber Security Market Is Estimated to Reach $10.85 Billion By 2022: Grand View Research, Inc.
Lack of adequate IT spending by healthcare organizations and lack of awareness about cyber crime have exposed the vulnerabilities of healthcare organizations. The overall impact of cyber attacks on the hospitals and healthcare systems is estimated to be nearly six billion per year.

Health IT Organizations Urge Congress to Increase NIST Funding
[The] multi-stakeholder letter states, “Lawmakers should understand that the resources NIST needs to undertake industry-government efforts on cybersecurity, including the voluntary Framework for Improving Critical Infrastructure Cybersecurity, comes from the STRS account. Our groups recognize that policymakers need to spend taxpayers’ monies wisely, but the framework has been a remarkable success.”


Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners. © 2017 Critical Informatics, Inc. All rights reserved.