On October 29, the Department of Health and Human Services (HHS) announced the opening of the new Health Sector Cybersecurity Coordination Center (HC3) in Washington D.C. The Deputy Secretary of the HHS, Eric Hargan, headed the ceremony, which was an iconic way of concluding National Cybersecurity Awareness Month.
October marks National Cybersecurity Awareness Month, and like the new year, organizations usually try to re-center their operations and renew their security resolutions. Some take this opportunity to update employees on the current security climate.
Over the past decade, cloud computing has quickly become a necessary transition for healthcare providers. In this technological era, things have become fast paced and an on-premises healthcare system will undoubtedly cause the industry to lag behind. According to the 2016 HIMSS Analytics Cloud Survey, 84 percent of participating healthcare organizations utilize cloud computing in one way or another. Its uses range from data backups and recovery, business functions such as organizational finance and human resources. However, cloud computing is affected by some negative aspects that can cause serious damage if they obstruct a healthcare entity's systems. This is mainly because emergency situations do not withstand additional pressure. Healthcare providers still have some reservations about the following:
The evolution of ransomware, dating back as far as 1989, has snowballed along with the development of technology to become a very profitable business for hackers. It is easier than traditional hacking, more efficient and allows them to cash in quickly and with minimal complications. Attackers can breach a vulnerable system through a back door and encrypt its data, which effectively shuts out users and prevents them from accessing any records or documents. A message demanding money then appears on the screen, a time limit is set and a countdown begins. The element of time implants a sense of urgency in the victim, compelling him/her to pay the ransom as quickly as possible. All this can be done from the comfort of a hacker's lair far away and almost impossible to track.
The reason why attackers are so successful in breaching electronic devices is because of the perceived distance people put between themselves and the possibility of such a breach ever happening to them. The belief that a ransomware attack is far-fetched is the very reason why ransomware is so lucrative. Putting your guard down is the vulnerability that hackers are waiting for. Below is a list of best practices that can help you protect and secure yourself effectively:
Human error is inevitable, and that is exactly what hackers count on. One slip-up can result in the loss of large amounts of data and cause a company to lose its credibility in the eyes of its customers. Overspending on high tech systems while neglecting employee training in cyber security is a poor strategy that will prove ineffective. It is also the main reason why human error is a leading cause of cyber attacks. Although it is not possible to completely eliminate human error, seeking ways to minimize it as much as possible will help reduce the occurrences of security breaches. In order to be able to do that, it is important to know the main sources of human error and how to avoid them.
2018 is proving to be a promising year for CIO development and innovation. CIO events are bringing more opportunities to the table, as participants are provided with time to network, meet and collaborate on bigger initiatives. Below is a list of the upcoming CIO events occurring in the US throughout the remainder of 2018:
The HIPAA Security Rule has a set list of requirements for covered entities to adhere to, all of which aim to ensure that organizations housing sensitive personal health information (PHI) are able to secure themselves against potential hackers. One of the conditions for being considered HIPAA compliant is to identify and protect against reasonably anticipated threats. 2017 was a year full of international cyber attacks, which heavily affected health care functions worldwide. Consequently, a new tactic that emerged and is currently being adopted by a growing number of healthcare entities is the use of military war-games to test the strength of cyber security barriers. This consists of a simulation of events that are controlled by the players in the game (in this case, hackers VS defenders).
Even though HIPAA awareness and training is in abundance all across the US, the Department of Health and Human Services received 1,996 breaches in only the first half of 2017. It seems that no matter how hard organizations try, they continue to fall victim to breaches and attacks and do not take sufficient corrective measures to avoid future issues. In response, we have compiled a list of some of the most important lessons learned from 2017 HIPAA violations:
Presence Health, a healthcare network based in Illinois, earlier in 2017 acceded to pay a $475,000 fine after not reporting a breach of unsecured protected health information in a timely fashion. Officials of the Office for Civil Rights (OCR) are noting that the length of time it took Presence to report the breach was not in accordance with HIPAA standards. This action represents the first HIPAA enforcement by the OCR on a healthcare provider for lack of timely notification of a breach.