HEALTHCARE INFOSECURITY NEWSLETTER

September 2017

Hackers Breach New York’s Largest Provider With Phishing Attacks

Jessica Davis, healthcareitnews.com, August 31, 2017

Kaleida Health, New York’s largest provider, is once again notifying patients of a phishing incident. This one involves 744 patients. The organization discovered the incident on June 26, when it found an unauthorized third-party gained access to an employee’s email account.

Read More

HHS Reviews HIPAA Rules Following Hurricane Harvey

Elizabeth Snell, healthitsecurity.com, August 30, 2017

Healthcare providers can face numerous challenges during natural disasters, including adhering to HIPAA rules while working to provide proper patient care through an emergency. HHS recently released a bulletin to help guide covered entities through declared emergencies, such as the aftermath of Hurricane Harvey in August 2017.

Read More

Incident Response Best Practices: What You Can Expect During the First Call

Andrew Cook, deltarisk.com, August 18, 2017

Imagine this scenario: you’ve just discovered your network has been breached. You need to get a handle on the situation quickly but you’re still trying to figure out what happened. What are the incident response best practices you should follow?

Read More

Outside Attacks Caused Almost Half of Data Breaches in July

Joseph Goedert, healthdatamanagement.com, August 22, 2017

Data breaches in the healthcare industry were most likely caused by outside hacking in July, the first month in 2017 in which threats from outside healthcare organizations exceeded insider breaches, according to Protenus , a security firm that tracks industry breaches.

Read More

Anonymous Hacker Says They Stole 1.2 Million NHS Patients’ Data

David Bisson, grahamcluley.com, August 22, 2017

A member of the Anonymous hacking collective claims to have stolen data belonging to 1.2 million patients of the United Kingdom’s National Health Service (NHS). The breach affected swiftQueue , a software provider of dashboard and metrics solutions to healthcare clinics.

Read More

Hackers and Hospitals: An Infographic on Medical Device Security

Medium Staff, medium.com, August 4, 2017

Of all of the connections brought about by the Internet of Things, nothing is more frightening than the notion of an unsecured medical device. The magnitude of risk associated with medical devices and the Internet of Things is a gripping proposition with 67% of medical device makers expecting an attack on their devices while only 17% taking measures to prevent an attack, according to Ponemon.

Read More

Orgs Have Failed to Make Necessary Security Improvements Since WannaCry and Petya

Michael Hill, info-securitymagazine.com, August 10, 2017

More than two-thirds of security professionals are not confident their organizations have made necessary security improvements since the WannaCry and Petya attacks earlier this year, according to new research from Tripwire.

Read More

The Biggest Healthcare Breaches of 2017 (So Far)

Healthcare IT News Staff, healthcareitnews.com, September 5, 2017

Healthcare proved itself a lucrative target for hackers in 2016, and so far in 2017 is, unfortunately, following suit. From organizations with exposed, unused websites to unencrypted storage drives, health organizations still have much to learn about security.

Read More

In a Ransom DDoS Attack, It Doesn’t Pay to Pay

Pymnts Staff, pymnts.com, August 4, 2017

The distributed denial-of-service (DDoS) attack has made a massive resurgence in Q2, particularly Ransom DDoS, or RDoS. In a RDoS attack, cybercriminals threaten to launch a DDoS attack on a victim’s critically important online resources if they don’t pay up. The threat is often accompanied by a smaller-scale DDoS attack to demonstrate that the criminal means business.

Read More