Posts in Category: Cybersecurity

Latest Healthcare Cyberattack Highlights Need for Prevention 

How would you like to have to tell 34,000 patients that their data had been hacked? That’s the situation that Quest Diagnostics found itself in recently after hackers stole health information including names, birth dates, telephone numbers and lab results.

The clinical laboratory services company is just the latest victim in a long string of cyberattacks targeting protected health information. One in 13 patients stands to have their records stolen because of a healthcare provider breach, according to Accenture, an industry consulting firm. Healthcare organizations that have been recent targets of cybercriminals include:

  • Hollywood Presbyterian Medical Center, which paid a $17,000 ransom in bitcoin to regain control of its computer systems after a hack.
  • Anthem Inc., the second-largest U.S. health insurer, which had the records of nearly 80 million customers stolen.
  • MedStar Health, where hackers encrypted data from 10 hospitals, causing widespread confusion and delays in treatment because providers were unable to access records.

What can healthcare providers do to protect against such cyberattacks? We’ve collected a number of articles offering advice.

  • Tips for protecting hospitals from ransomware as cyberattacks surge
  • Hospitals Battle Data Breaches With a Cybersecurity SOS
  • Protecting a vulnerable industry against cyber attacks
  • 5 Ways Providers Can Prevent Patient Data Breaches

What is your organization doing to protect itself from hackers? Share your strategies in our comments section below.

Clinician mobile device use increasing as healthcare organizations struggle to protect data 

The number of clinicians who use smartphones and other mobile devices on the job is rising rapidly, and so is the number of facilities that have created mobile device management strategies to cope. "Organizations with a documented mobility strategy have nearly doubled, and in-house use of pagers has increased slightly during the past two years," according to Health Data Management.

Almost 90 percent of physicians surveyed reported using smartphones, while about half of nurses and other staff members use them. In response, more than 60 percent of hospitals surveyed have a documented mobile device strategy. (The survey, by mobile messaging service vendor Spok, included responses from about 550 hospitals.)
The leading mobile devices used in hospitals are:

  • Smartphones (78 percent)
  • In-house pagers (71 percent)
  • Wi-Fi phones (69 percent)
  • Wide-area pagers (57 percent)
  • Tablets (52 percent)

Security and privacy, of course, are huge concerns for those setting mobile device policy, leading some organizations to forbid clinicians to use personal devices for work-related communication. About 80 percent of surveyed hospitals with such policies cited fear of data breaches as the reason behind their rules. 

Click here to download the survey.
What's the mobile device policy at your organization? Share your thoughts with the LUMEDX community by commenting below. 

Healthcare Cybersecurity Failings Draw the Ire of Accountability Office 

GAO Recommends Corrective Action by Department of Health and Human Services

More than 113 million electronic health records were breached in 2015, a year that saw a total of 56 cybersecurity attacks in healthcare alone. That's a 13-fold increase from 2006 to 2015.
The Government Accountability Office isn't going to let those cybersecurity failures go unremarked upon. The GAO last week came down hard on the Department of Health and Human Services, pointing out a number of weaknesses in efforts by HHS to help health plans and other providers protect data.
"HHS has established an oversight program for compliance with privacy and security regulations, but its actions did not always fully verify that the regulations were implemented," wrote the GAO in a report released Sept. 26. The report also called out HHS for giving technical assistance "that was not pertinent to identified problems" in cybersecurity, and for failing to follow up on cases it investigated. 
In short, the GAO found, loss or misuse of health information is not being adequately addressed by HHS. To help healthcare organizations comply with HIPAA and prevent further data breaches, the Office said, HHS should take the following corrective actions:

  • Update its guidance for protecting electronic health information to address key security elements.
  • Improve technical assistance it provides to covered entities.
  • Follow up on corrective actions.
  • Establish metrics for gauging the effectiveness of its audit program. 

HHS generally concurred with the recommendations and stated it would take actions to implement them.

UPDATE: On Oct. 4, HHS announced that it had awarded funding to help protect the health sector against cyber threats. Learn who received the funding, and how it is intended to help healthcare organizations.
