HEALTHCARE INFOSECURITY NEWSLETTER

June 2017

WannaCry Ransomware Survival Guide: 6 Ways to Stay Safe

Ryan Clancy, Deltarisk.com, May 14, 2017

News agencies around the world started reporting on WannaCry ransomware (WCR), aka WanaCrypt0r 2.0. It’s estimated that WCR has already affected more than 75,000 users in 150 countries, ranging from hospitals, businesses, governments, railways, and universities to home computer users. As of today, more than 200,000 systems are believed to be compromised. Although the attack was slowed by a 22-year-old UK security researcher who registered a domain name associated with the ransomware, experts warn that there are other variants of the malware that will continue to spread.

Healthcare Cybersecurity Task Force Finds 6 Imperative Areas

Health IT Security Staff, Healthitsecurity.com, June 5, 2017

Evolving healthcare cybersecurity threats are posing even greater risks to the industry, which is why the Health Care Industry Cybersecurity Task Force published a report to “address the growing challenge posed by cyberattacks.” These threats pose significant patient safety issues, and require both the public and private sector to work together to ensure that healthcare systems and patients remain protected, according to ASPR Office of Emergency Management Director of Division of Resilience Steve Curren.

World’s Largest Data Breach Settlement Agreed by Anthem

HIPAA Journal Staff, Hipaajournal.com, June 26, 2017

The largest data breach settlement in history has recently been agreed by the health insurer Anthem Inc. Anthem experienced the largest healthcare data breach ever reported in 2015, with the cyberattack resulting in the theft of 78.8 million records of current and former health plan members. The breach involved names, addresses, Social Security numbers, email addresses, birthdates and employment/income information.

Heartbleed vs. WannaCry: A Tale of Two Cyber Attacks

Jason Miller, Federalnewsradio.com, May 22, 2017

If there was ever a case to be made for why agencies and organizations invest in cybersecurity protections, look no further than the recent WannaCry ransomware attack. The federal government came away unscathed by the malware that hit more than 300 countries and impacted more than 300,000 computers worldwide. Why did this nasty virus not infect federal computers?

Afraid to Report Insider Threats? Here’s How to Avoid the Fear Factor

Noah Powers, Deltarisk.com, May 24, 2017

Imagine the following scenario: you work with a colleague who everyone sees as a problem. This individual complains about the direction of the company, unfair treatment, and even vocalizes personal financial struggles. People have come to expect this kind of negative behavior from him. One day, though, you overhear this disruptive co-worker say something out of the ordinary, even for him. He’s discussing ways to copy and sell intellectual property to a competitor for a little extra money.

PHI Data Breach Leads to $387K OCR HIPAA Settlement

Health IT Security Staff, Healthitsecurity.com, May 24, 2017

St. Luke’s-Roosevelt Hospital Center Inc. (St. Luke’s) settled alleged HIPAA violations from a PHI data breach by paying $387,000 in an OCR HIPAA settlement. Formerly Spencer Cox Center for Health (the Spencer Cox Center), New York-based St. Luke’s specializes in services for individuals living with HIV or AIDS and other chronic diseases. OCR received a complaint in September 2014 that there had been a PHI data breach when St. Luke’s faxed an individual’s information to his employer.

Think You Know Ransomware? Take a Cybersecurity Quiz

Courtney Linder, Post-gazzette.com, May 25, 2017

Ten minutes, one hour, four hours, click. Postpone that annoying Windows update. Avoiding that dreaded dialogue box that pops up on the screen twice a day is a no-brainer for many American employees who don’t want to restart their computers and install a software patch. But in terms of cybersecurity, what seems like an immaterial decision can quickly become a pipeline for hackers and a major expense for companies.

New Awareness Study Reveals What You Need For the Best Security Programs

Jennifer Leggio, Zdnet.com, May 30, 2017

SANS Institute has released its 2017 Security Awareness Report, a community-driven study with more than 1,000 security awareness professionals across 58 contributing countries. Security awareness itself has become an increasingly relevant topic for both emerging and mature organizations, given that having a truly skilled professional in the role has become a “must have” versus optional. SANS’ study was designed from a vendor-neutral perspective, to help organizations identify how successful awareness programs are operating, and the challenge of fledgling awareness programs.
