Healthcare Cybersecurity Weekly Briefing 9-1-2017

Critical Informatics Healthcare Cyber Security

Are We Over-Sharing Our Personal Health Data?

Make no mistake, those vast databases give healthcare providers a comprehensive view of their patients’ health, an advantage that easily could be lifesaving in an emergency. The down side is those databases put our most private information at risk for exposure. Hospitals, insurers, doctors and government agencies didn’t pay “much attention to privacy and security” in their rapid efforts to digitize a lot of health data and aggregate it electronically[.]


Defray Ransomware Seen Targeting Education, Healthcare Industry

In one campaign the Word document purported to come from a UK-based hospital’s Director of Information Management and Technology. In the other, the Word doc billed itself as coming from a UK-based aquarium with international locations – likely SEA LIFE, an aquarium with locations in Birmingham, Brighton, and Manchester, with additional locations in the U.S., Australia, and China.


Your Health Data is Vulnerable to Hacks. Here’s What You Can Do

As scary as these examples are, the solution isn’t to stop seeking medical treatment. Patients can take some steps to protect their data and their privacy. One thing to do is a reference check on your insurer, hospital or health care provider by visiting the Office of Civil Rights’ list of providers that have experienced breaches, sometimes referred to as the “Wall of Shame.” Since July 1 alone, 35 breaches have been reported and are under investigation affecting more than 850,000 individuals.


Rising Data Security Threats Drive Growth in Outsourcing

Other areas growing quickly include disaster recovery and network operations. Like cybersecurity, these are important areas and require specialized skills that are not necessarily core to the business, Wagner said. Outsourcing is becoming more attractive to all organizations, the study said, but large organizations are growing IT outsourcing budgets the fastest. At the median, large organizations have increased the percentage of their IT budgets spent on outsourcing from 6.3 percent to 8.7 percent.


How Emerging Cyber Threats are Transforming the HIPAA Landscape

And despite the omnibus HIPAA Final Rule on Privacy & Security that HHS posted in Jan. 2013, which brought new safeguards to protect ePHI, healthcare CIOs and CISOs must be constantly on the ball, making adjustments to their cybersecurity plans to ensure they don’t run afoul of HIPAA rules. That is increasingly difficult in the post-omnibus era of more sophisticated attacks, most notably ransomware, ransomworms and whatever comes next. Take the latest ransomware variant Defray, for instance, which is specifically targeting healthcare and education sectors.


New Ransomware Virus Targets Healthcare Organizations

Cybersecurity experts have identified a new ransomware strain that is targeting healthcare organizations, FierceHealthcare reports. The virus, dubbed Defray, spreads via a Microsoft Word attachment in emails sent to potential victims. The messages are customized to appear to come from a trusted source. […] In one example of the personalized approach, an attachment titled Patient Report used the logo of a hospital in the United Kingdom and claimed to be from the hospital’s director of information management and technology. The ransomware demands $5,000 in bitcoin to release encrypted files.


465k Patients Told to Visit Doctor to Patch Critical Pacemaker Vulnerability

The update will require patients to visit a clinic where doctors will put the pacemakers in backup mode while the firmware is being patched. The Abbott letter said that, for certain patients, the update should be performed “in a facility where temporary pacing and pacemaker generator change are readily available, due to the very small estimated risk of firmware update malfunction.” An advisory issued by the Food and Drug Administration said 465,000 pacemakers in the US alone are affected. The number of pacemakers in other countries wasn’t immediately available.


HIT Think Healthcare Industry Must Address IoT Security in its Planning

Securing the IoT in a healthcare environment requires communication and understanding. Executive leadership must understand that with these tremendous advantages comes additional responsibility. Agreement must be reached that any device requiring connectivity be vetted prior to purchase. Baseline requirements should be established around antivirus, patching and routing. In addition, departments that have traditionally run their own shops now need to partner with IT in discussions regarding purchasing, and later, deploying connected devices.


Fight the Growing Cyber Challenge in Health Care 

Another issue within the industry is that technology isn’t implemented as quickly as it becomes available, with health care IT facing particular cultural challenges. “In many hospitals, there has been a common culture in which doctors’ preferences have been heavily weighted, making it difficult for IT to implement change,” Mellen says, adding that the culture is changing. “Cybersecurity initiatives that had once been blocked due to ‘possible outages that could impact patient safety,’ are now being welcomed in order to improve patient safety.”




Critical Informatics and the Critical Informatics logo are the trademarks of Critical Informatics, Inc. All other brand names, trademarks, service marks and copyrights are the property of their respective owners.  © 2017 Critical Informatics, Inc. All rights reserved.