Could this breach have been prevented? – A new series

Could this breach have been prevented? – A new seriesOne of the first lessons of process improvement is that preventing errors is much less expensive and time-consuming than remedying the damage after the fact. The same is true for an information breach. The time and cost for installing new software, training staff members, and reinforcing policies and procedures pales in comparison to cleaning up the damage of an information privacy or security breach.Recent headlines of multi-million-dollar ...

5 Tips for Creating an Information Security Culture

Engaging clinical staff in information security can be an uphill challenge. For people doing the tangible, social, and physical work of healthcare, a Security Officer’s cautions regarding the invisible threat of cyber-theft can seem like science fiction paranoia. Further, among the healthcare practitioners who do recognize information security as a relevant concern, a substantial number still see it as an “IT issue.”  And finally, as if those barriers weren’t enough, the mere mention of “HIPA ...

Knock, Knock – We’re here to perform an onsite HIPAA audit.

 Welcome to 2017.  If you haven't heard, the Health and Human Services Office of Civil Rights (OCR) will perform several hundred on-site HIPAA audits this year. The possibility of being selected is highly unlikely, but if you are one of the "lucky" covered entities that is audited you had better be ready - with all your ducks in a row. Current HIPAA training is only one duck, you need at least four more.  So, prepare to go duck hunting and get them in order sooner rather than later.Ther ...

Healthcare under attack by new strain of ransomware

FireEye Labs has identified massive email campaigns by cyber-criminals during Aug, 2016 containing the Locky ransomware embedded in DOCM attachments.  DOCM is Open XML Macro-Enabled Document file used in Microsoft Word.  Which means the file contains a macro which MS Word will execute when you open the file in MS Word.  Healthcare is the leading industry targeted by the campaign.The healthcare industry is now the "industry of choice" by cyber-criminals since Protected Health Information (PHI/ePHI) i ...

Focus on Security: Top Ten Tips for Cyber-Security for Small Businesses

I know it's getting old and boring, but cyber-criminals are focused on PHI, which means we, in healthcare, need to take action to protect it.The SBA has a helpful list of cyber-security tips posted on their web site.  It's a great starting point to harden your defenses and defend against the highly likely cyber-breach.  Here's a summary of what's covered.Protect against viruses, spyware, and other malicious code Secure your networks Establish security practices and policies to protect ...

Your iPhone Is a Target for Criminals

Check Point Software released their April 2016 Threat Index revealing what we all know; cyber-threats are rising at alarming rates.  The report shows Apple's iOS devices are under heavier attack than reported in previous reports. Over 2,000 unique malware families were identified by Check Point during April, which they state is a 50 percent increase over March, and you thought rabbits multiplied rapidly!  The iOS issue comes from the fact they found XcodGhost had moved into the top three most common mobi ...

Healthcare Breaches Caused By Criminal Attacks

Last year the Ponemon Institute’s Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data revealed a shift in the root cause of data breaches from accidental to intentional.  This is worth noting for all healthcare providers, large and small.  It’s not enough to provide good, current cyber security training to all of your employees, but you must improve your overall cyber security to protect your highly valuable ePHI.FierceHealthIT wrote up a good summary on the report, read it ...

Is 2016 going to be “The Sequel” for Healthcare?

We all love sequels of our favorite movies. Unfortunately, when it comes to healthcare breaches, there is not much to love about the likelihood of a 2016 sequel to a record breaking 2015. At the end of 2014, which was recognized as the “The Year of the Cyber Breach”, many industry leaders, including Third Rock, predicted 2015 to be the year of the “Healthcare Breach.” It didn’t take long to for the prediction to come true. By the end of the first quarter, an estimated 91 million healthcare record ...

Building a Privacy & Security Culture: Training is just the beginning!

The privacy and security practices required by HIPAA run counter to decades of habit! Paper charts stored in unsecured racks in public hallways, unsecured computer workstations, and open discussion of patient information in public areas have been the norm in many healthcare facilities despite the 1996 and 2003 HIPAA privacy requirements. The additional risks to patient information posed by new technologies also run counter to decades of thought. Caregivers accustomed to thinking of their facility as a rel ...