In August of 2018, a group of researchers at Check Point Research successfully breached a system of computers through a vulnerability in a Hewlett Packard printer and fax machine. The team sent a fax containing malware disguised as an image to the machine, which stored the document, and gave the researchers access to all the computers on the network.
A recent Yale study revealed that a large number of American hospitals fail to provide patient records upon request. The research was based on simulated patients requesting medical records and was conducted in 83 of the best hospitals in the US, all of which have independent medical records request processes and medical records departments, reachable by phone.
Cyber security is a growing concern for healthcare entities in the US. The fear of threats has encouraged healthcare providers to connect and collaborate to protect themselves and the data of their patients from attackers. The following healthcare security events are some great opportunities for collaboration on the issue:
Over the past decade, cloud computing has quickly become a necessary transition for healthcare providers. In this technological era, things have become fast paced and an on-premises healthcare system will undoubtedly cause the industry to lag behind. According to the 2016 HIMSS Analytics Cloud Survey, 84 percent of participating healthcare organizations utilize cloud computing in one way or another. Its uses range from data backups and recovery, business functions such as organizational finance and human resources. However, cloud computing is affected by some negative aspects that can cause serious damage if they obstruct a healthcare entity's systems. This is mainly because emergency situations do not withstand additional pressure. Healthcare providers still have some reservations about the following:
In the health sector, priority is always given to saving lives while the security of personal health records (PHR) is often overlooked. This is because in comparison to emergency situations, the storage of information seems very insignificant. As a result, an increasing number of healthcare providers are facing the consequences. From January through May of 2018, in the United States there were 147 security breaches reported, representing 2,807,227 health records exposed via various cyber attack methods. These methods include email hacks, ransomware incidents and malware infections, among others. Cyber-crime is stronger than it has ever been and there are no signs of its decline. Therefore, healthcare providers should counteract this by rising up to the occasion and replacing outdated security tools with updated technologies and strategies.
The HIPAA Security Rule has a set list of requirements for covered entities to adhere to, all of which aim to ensure that organizations housing sensitive personal health information (PHI) are able to secure themselves against potential hackers. One of the conditions for being considered HIPAA compliant is to identify and protect against reasonably anticipated threats. 2017 was a year full of international cyber attacks, which heavily affected health care functions worldwide. Consequently, a new tactic that emerged and is currently being adopted by a growing number of healthcare entities is the use of military war-games to test the strength of cyber security barriers. This consists of a simulation of events that are controlled by the players in the game (in this case, hackers VS defenders).
Even though HIPAA awareness and training is in abundance all across the US, the Department of Health and Human Services received 1,996 breaches in only the first half of 2017. It seems that no matter how hard organizations try, they continue to fall victim to breaches and attacks and do not take sufficient corrective measures to avoid future issues. In response, we have compiled a list of some of the most important lessons learned from 2017 HIPAA violations:
Presence Health, a healthcare network based in Illinois, earlier in 2017 acceded to pay a $475,000 fine after not reporting a breach of unsecured protected health information in a timely fashion. Officials of the Office for Civil Rights (OCR) are noting that the length of time it took Presence to report the breach was not in accordance with HIPAA standards. This action represents the first HIPAA enforcement by the OCR on a healthcare provider for lack of timely notification of a breach.
The number of breaches of unsecured protected health information (PHI) on record in the United States is over 2000 and counting. Significantly, these records only cover breaches affecting 500 or more individuals. One can only wonder how many more breaches have occurred on a smaller scale. The types of breaches range from theft and hacking, to improper disposal and unauthorized access as a result of negligence. Such incidents can be avoided if covered entities (companies involved in healthcare) ensure that all of their business associates are secured. There are many reasons why it is important to have secure business associates. Being aware of these reasons may prompt covered entities to take the necessary measures to protect their clientele's information:
1 2 3 4 5 Older Entries
