Cybersecurity: It’s a healthcare risk issue

WannaCry may be the best thing that has happened to the healthcare industry in a long time. It brought to light just how terrible a job the industry does in protecting patients from identity theft. That's what it means to lose a patient's protected health information or PHI. PHI is now a currency on the black market. It is worth over 100 times the value of a credit card record. If you're a covered entity (healthcare plan, healthcare clearing house, or healthcare provider) or a business associate ...

Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements. Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare. But because of the legacy of HIPAA, the majority of providers do not take it seriously. If you are not taking cybersecurity seriously, you are heading for a train wreck! This series has emphasized: Being risk management proficient rather than being a "HIPAA Expert". Being accountable, which means ...

Phishing with Ransomware – Don’t take the bait!

Phishing is a hacking technique that uses phony emails to trick users into revealing sensitive account information (e.g., account password) and/or installing malicious software (“malware”). With ransomware hogging the headlines, non-technical staff may have gotten the impression that the phishing threat is over. News flash – 97% of phishing messages now act as carriers for ransomware! (Barkly Stats & Trends) Aaghh! So now, it’s more important than ever that staff be trained to anticipa ...

Closing the Cybersecurity Gap

As we hear more and more about breaches and ransomware in businesses and especially healthcare, it is becoming an even greater concern for healthcare business owners. It is no longer if you will be attacked, but when and how often. The first step in closing the cybersecurity gap is to realize that you can't do it on your own. Cybersecurity is not finding your basic "IT guy" that "can fix it". It is about obtaining the right resource whether that is a full time hire or a managed service. The next thin ...

What to do if you are a Ransomware victim – latest guidance from HHS

In an earlier post, Clint Eschberger explained that the Best Defense Against Ransomware is a Good Backup. So hopefully your backups are in order - multiple, off-site, and tested. In addition to your internal processes for getting your organization back online, the HHS just issued the following guidance for reporting ransomware incidents and obtaining guidance. If your organization is the victim of a ransomware attack, HHS recommends the following steps: Please contact your FBI Field Office ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact. The next installment was accountability: taking ownership and delivering verifiable results. This was followed by the importance of training. What is next? Well, you need to know how to identify risks and th ...

Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

Buckle Up, It’s Going to be a Wild Cyber Ride!

Breathing a sigh of relief that the WannaCry ransomware attack didn’t hit your organization? Thinking you’ve dodged that bullet? Well, think again! If trends are any indication, and they typically are, I think it’s going to get a lot bumpier. Below are some incidents that lead me to this conclusion. So, buckle up and hold on tight! January 2015 – Largest Single Healthcare Breach - Anthem Insurance breach affecting over 80 million people. Investigations point to state sponsored cybe ...

Focus on Security: Special Cyber Security Briefing Event

PLEASE JOIN US ON FRIDAY, MARCH 24TH, 7:30 am - 8:30 am, Kerby Lane Round Rock, 2120 N Mays St, Round Rock, TX for a BUSINESS OWNER AND LEADERSHIP BRIEFING on CYBER SECURITY ISSUES THAT ARE IMPACTING SMALL AND MID-SIZED BUSINESSES IN CENTRAL TEXAS. Here’s why we think it’s important you attend: We’re seeing story after story of large corporations falling victim to cyber-attacks, but not enough attention is being placed on how small and mid-sized businesses are impacted at even greater freque ...

The Big Boys’ 2016 Cyber Security Reports

The "big boys" in cyber security have released their annual Cyber-Security reports, ugh or UGH. Cyber security is so important now that some companies have jumped into the mix of providing a report. AT&T released their first cyber-security report this year. Forbes has a great article by Steve Morgan, outlining all of the reports and providing links to download all of them. I'll try to sum them all up in a short list here. But, check Mr. Morgan's article out for more in-depth summaries and links ...
