HEALTHCARE INFOSECURITY NEWSLETTER

January 2018

3 Steps You Can Take Now to Lower Your Security Risk

John LeBrecht, deltarisk.com, December 7, 2017

Managing risk across an organization requires a lot of different things: setting strategy, determining tolerance, defining metrics. These are critical in your overall risk management efforts, and even more so in information security. But where do you begin? There’s no denying it can feel like a daunting task. It’s hard to make sure that information is available when needed while keeping it safe from people who want to steal or destroy it. However, it’s easier if you use a methodical and easy-to-follow system.

Read More

Are Orgs Filling Necessary Healthcare Cybersecurity Roles?

Elizabeth Snell, healthitsecurity.com, January 2, 2018

Without the right healthcare cybersecurity roles being filled at covered entities, it can be more difficult for organizations to ensure that sensitive data remains secure. Along with CISOs, privacy officers, and compliance officers, entities must ensure that all staff members are properly trained in the latest cybersecurity trends. A recent survey indicates though that healthcare might not be putting enough of a focus on cybersecurity needs.

Read More

Top of Mind for Health System Leaders? Investing in Cybersecurity Tech and Staff

Bernie Monegain, healthcareitnews.com, December 26, 2017

When it comes to technology investments, health systems executives are looking for projects with a high impact. That means cybersecurity is at the top of their to-do lists. Health systems are more likely to invest in proven solutions that offer immediate impact on clear and present dangers such as cybersecurity threats, rather than investing in newer technology, such as artificial intelligence and wearables, new survey shows.

Read More

OIG: HHS audit Results Reveal Cybersecurity Flaws in Configuration, Access Controls

Jessica Davis, healthcareitnews.com, December 20, 2017

The U.S. Department of Health and Human Services security controls need improvement, and there are flaws in its configuration management and access controls, according to a new Office of the Inspector General report. The report was restricted and did not list specific flaws, but it’s just the latest in a series of reports that highlight the agency’s flawed security.

Read More

8 in 10 Healthcare Organizations Lack Chief Cybersecurity Officer

Meg Bryant, helpnetsecurity.com, December 20, 2017

Providers have also been slow to adopt cybersecurity best practices, the survey shows, with more than half (54%) of respondents conceding they don’t routinely conduct risk assessments. Despite a growing number of cyberattacks on hospitals and health systems, 92% of healthcare leaders said cybersecurity and the threat of a breach is not a major focus with their board of directors. And just a fraction said funds are being budgeted for cybersecurity in 2018.

Read More

Cyber Security Is a Serious Problem for Physicians: Survey

Ken Terry, medscape.com, December 12, 2017

More than four in five US physicians (83%) have experienced some form of a cyber attack, according to new research released today by the American Medical Association (AMA) and Accenture. Fifty-five percent of the 1300 physicians who responded to the AMA/Accenture survey were very or extremely concerned about future cyberattacks in their practice. Physicians were most concerned that future attacks could interrupt their clinical practices (74%), compromise the security of patient records (74%), or affect patient safety (53%).

Read More

Five Steps To Greater Cybersecurity In Health Care Organizations

Luis Castillo, forbes.com, December 28, 2017

It is universally acknowledged that frequent hand washing can prevent the spread of infections — and yet, there are health care workers who don’t wash their hands. The use of motorcycle helmets can dramatically reduce the chances of head trauma during accidents, but over 25% of people don’t wear one while riding. This same pattern emerges when it comes to cybersecurity in the health care space. Health care organizations can take several straightforward measures to preserve cybersecurity, but hospitals and health systems do not always follow these protocols.

Read More

9 AWS Secrets You Need to Know Before Moving to the Cloud

Lauen McKenna, deltarisk.com, December 14, 2017

Cloud security is a hot topic lately, and for good reason. As more businesses have migrated to the cloud, there have been more data breaches. In our recent webinar, Flying Blind: 2017 Cloud Configurations Gone Wrong, cloud security experts John Hawley and Mike Piscopo detailed several of the worst misconfiguration disasters we’ve seen this year. Among the data breach incidents we covered in our webinar, there were several in the Amazon Web Services (AWS) Cloud.

Read More

Crafting a Strong Healthcare Cybersecurity Action Plan

Elizabeth Snell, healthitsecurity.com, December 27, 2017

Following recent research showing that 83 percent of physicians report they have experienced a cybersecurity attack, AHIMA released a healthcare cybersecurity action plan to assist entities in preparing for potential threats.
Implementing an information governance program will be critical, AHIMA stressed. A holistic approach to data security can greatly assist organizations of all sizes work toward keeping sensitive information secure.

Read More