NIST Cybersecurity Framework Update
Jun14

NIST Cybersecurity Framework Update

The National Institutes of Standards and Technology (NIST) has announced that there will be a minor NIST Cybersecurity Framework update in early 2017. NIST sought suggestions from industry stakeholders over a period of two years since the NIST Cybersecurity framework was published. NIST issued a request for information (RFI) in December 2015 and received over 100 responses on best practices, Framework use, and suggestions for long...

Read More
Ransomware Attacks on US Businesses Soar
Jun06

Ransomware Attacks on US Businesses Soar

This year has seen an unprecedented number of ransomware attacks on US businesses. Healthcare providers have also been targeted, with medical services heavily disrupted as a result of ransomware infections. A recent report issued by Infoblox has confirmed the extent of the current ransomware epidemic and how much of a risk the malicious file-encrypting software poses for businesses. In the first quarter of the year alone, the number...

Read More
New CHIME Cybersecurity Center Tasked with Improving Healthcare Cybersecurity
May31

New CHIME Cybersecurity Center Tasked with Improving Healthcare Cybersecurity

The College of Healthcare Information Executives (CHIME) has announced it has created a new Cybersecurity Center and Program Office to assist healthcare organizations in the fight against cybercrime. The new office will be tasked with developing and sharing cybersecurity best practices, encouraging the sharing of threat information, and will be encouraging healthcare organizations to improve collaboration with each other and federal...

Read More
Final Precision Medicine Initiative Security Framework Released
May28

Final Precision Medicine Initiative Security Framework Released

The White House has released the final Precision Medicine Initiative security framework, which should be used by participating institutions to achieve the principles laid down in the Obama Administration’s Precision Medicine Initiative. The precision medicine initiative security framework contains a set of risk management guidelines which can be used to protect sensitive data and preserve data integrity. The 10-page framework may not...

Read More
Stronger Ransomware Protection for Hospitals Needed, says CHIME, AEHIS
May24

Stronger Ransomware Protection for Hospitals Needed, says CHIME, AEHIS

The College of Healthcare Information Management Executives (CHIME) and the Association for Executives in Healthcare Information Security (AEHIS) have issued a joint statement calling for stronger protections to be implemented by hospitals in light of the growing ransomware threat. At a hearing titled “Ransomware: Understanding the Threat and Exploring Solutions,” both organizations agreed that stronger hospital legislation is needed...

Read More
Ponemon Publishes Report on Privacy and Security of Health Data
May19

Ponemon Publishes Report on Privacy and Security of Health Data

The Ponemon Institute has released its annual report on the state of privacy and security of health data and found that for the second year running, cybercriminals are the main cause of healthcare data breaches. This is the sixth year that the Ponemon Institute has compiled its privacy and security of health data report and the data show that cybercriminal attacks are increasing steadily. When the first report was published six years...

Read More
IBM Announces Plans for Watson for Cyber Security Platform
May13

IBM Announces Plans for Watson for Cyber Security Platform

A cloud-based version of Watson’s cognitive computing technology will soon be used to process threat intelligence and provide insights on the latest cybersecurity threats. IBM has announced that the Watson for Cyber Security platform will be launched in the fall. The Watson for Cyber Security platform will be a year-long cybersecurity project, which will process around 15,000 security documents every month and will be programmed...

Read More
New Bill Introduced to Improve HHS Cybersecurity
Apr27

New Bill Introduced to Improve HHS Cybersecurity

A new healthcare cybersecurity bill has been introduced by members of Congress which aims to improve cybersecurity at the Department of Health and Human Services (HHS). The bill was introduced by two House Energy and Commerce Committee members: Rep. Billy Long (R-MO) and Rep. Doris Matsui (D-CA). The Committee had previously conducted an investigation to determine how cybersecurity could be improved at the HHS. The new legislation...

Read More
OIG Discovers 129 Medicare Healthcare Data Security Gaps
Apr26

OIG Discovers 129 Medicare Healthcare Data Security Gaps

The Department of Health and Human Services’ Office of Inspector General has recently published its annual review of the health IT security programs of Medicare Administrative contractors (MACs). A MAC is a private health care insurer that has been contracted by the Centers for Medicare and Medicaid Services (CMS) to process Medicare Fee-For-Service beneficiary Medicare Part A/Part B (A/B) claims and/or Durable Medical Equipment (DME)...

Read More
Majority of Health IT Security Execs Have Increased Spending on Data Protection
Apr19

Majority of Health IT Security Execs Have Increased Spending on Data Protection

A recent study conducted by data security firm Vormetric indicates 60% of healthcare IT security executives have increased their data protection budgets. New data security tools will be implemented by 46% of respondents to ensure their organizations are able to catch up with healthcare industry best practices. For the study, Vormetric polled 1,100 senior healthcare IT security executives. Virtually all respondents – 96% – said...

Read More
The Hidden Cost of Pagers in Healthcare
Mar31

The Hidden Cost of Pagers in Healthcare

Numerous studies have been conducted on the cost of HIPAA-compliant alternatives to the pager, yet little research has actually been conducted on the actual cost of pagers in healthcare. Pager use is in steep decline. Pager services are being dropped by telecoms companies due to the lack of demand. Most industries have retired pagers long ago and have switched to smartphones. However, the healthcare industry lags behind. Pagers are...

Read More
NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued
Mar03

NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued

The Department of Health and Human Services’ Office for Civil Rights has issued a crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule to help covered entities assess whether there are any gaps in their compliance programs. NIST Cybersecurity Framework and HIPAA Security Rule Crosswalk Issued By OCR The crosswalk between the NIST Cybersecurity Framework and HIPAA Security Rule was developed in conjunction with...

Read More
Healthcare Data Breach Litigation Case Has Standing Based on Data Exposure Alone
Jan12

Healthcare Data Breach Litigation Case Has Standing Based on Data Exposure Alone

Healthcare data breach litigation usually requires plaintiffs to provide evidence that a breach of their Protected Health Information (PHI) has resulted in them coming to harm or suffering loss or injury as a result of the exposure of their data. At the very least, breach victims must be able to demonstrate that their PHI has at least been viewed by an unauthorized individual, and that the exposure of their PHI has placed them at an...

Read More
St. Louis Cardinals Hacking Scandal: Former Scouting Director Pleads Guilty
Jan09

St. Louis Cardinals Hacking Scandal: Former Scouting Director Pleads Guilty

There has been a new twist in the St. Louis Cardinals hacking scandal – A former scouting director has recently pleaded guilty to accessing Houston Astros player data and other sensitive information without authorization. Players’ medical data was accessed and used to gain a competitive advantage. The data were accessed over a period of years according to prosecutors. The St. Louis Cardinals hacking scandal came to light last summer...

Read More
Healthcare Cybersecurity Market to Reach $10.85 Billion by 2022
Dec10

Healthcare Cybersecurity Market to Reach $10.85 Billion by 2022

Major cyberattacks have occurred. Huge data breaches have been suffered. Almost 113 million healthcare records have been exposed so far in 2015. Understandably healthcare providers and insurers are now committing more funds to improving cybersecurity defenses and the healthcare cybersecurity market is exceptionally strong. Healthcare Cybersecurity Market to Reach $10.85 billion by 2022 A new report recently issued by research and...

Read More
Hospital Use of Two-Factor Authentication Solutions
Dec09

Hospital Use of Two-Factor Authentication Solutions

The results of a study on the use of two-factor authentication solutions by non-federal acute care hospitals have recently been published by the Office of the National Coordinator for Health Information Technology. The analysis of ePHI security protection trends showed that just under half of hospitals are now using two-factor authentication solutions to ensure the electronic Protected Health Information (ePHI) of patients is...

Read More
Healthcare Secure Messaging Offers Many Benefits
Nov27

Healthcare Secure Messaging Offers Many Benefits

Implementing a healthcare secure messaging solution will help to ensure that privacy breaches are avoided. HIPAA regulations prohibit the sending of Protected Health Information (PHI) over open, unencrypted mobile networks. Should a physician or other healthcare professional send a text message containing PHI, HIPAA rules will be violated. The Department of Health and Human Services’ Office for Civil Rights (OCR) may not currently be...

Read More
Breaches of PHI Are Not Specific to Healthcare
Nov20

Breaches of PHI Are Not Specific to Healthcare

Breaches of PHI are not specific to the healthcare industry, according to a new study conducted by Verizon Enterprise Solutions. PHI data breaches are actually suffered by the majority of organizations; but they are just not as widely reported in other industry sectors. The study looked at breaches of PHI that have been suffered by healthcare and non-healthcare organizations from 20 different industry sectors in 25 different...

Read More
Mobile Security Threats Increasing Says Kaspersky Lab
Nov06

Mobile Security Threats Increasing Says Kaspersky Lab

The number of mobile security threats is increasing, according to a recent security report issued by Kaspersky Labs, one of the leading providers of anti-virus software. The company has just released its threat evolution report for Q3, which details a significant increase in new malware and installation packages. The number of new installation packages was 1.5 times higher than the corresponding period in 2015. The malicious software...

Read More
Are IT Professionals Underestimating the Probability of a Cyberattack?
Nov03

Are IT Professionals Underestimating the Probability of a Cyberattack?

Probability of A Cyberattack Being Suffered is Underestimated by IT Security Professionals New data released by the Ponemon Institute suggests that IT security professionals may be underestimating the probability of a cyberattack occurring. More than half of IT professionals surveyed believed the probability of a cyberattack occurring was low and that they were relatively safe and would not be targeted by hackers. The latest Ponemon...

Read More
Benefits of Texting Patients Include Improved Risk Profiles
Oct13

Benefits of Texting Patients Include Improved Risk Profiles

Something as simple as sending a text message to a patient can have a profound impact on that individual’s health, according to a recent study published in the Journal of the American Medical Association. There are many benefits of texting patients according to the new study. Study Highlights the Health Benefits of Texting Patients Increasing the level of exercise taken, stopping smoking, cutting back on alcohol consumption and making...

Read More
Average Cost of Cyber Crime Resolution Continues to Increase
Oct11

Average Cost of Cyber Crime Resolution Continues to Increase

Cyber crime is costing the healthcare industry dearly, and that cost continues to rise. According to the latest survey released by the Ponemon Institute, the average cost of cyber crime resolution has risen again this year. The cost of resolving criminal attacks, data theft and resultant data loss, now costs 82% more than it did when the first Ponemon Institute Cost of Cyber Crime Study was released in 2010. Average Cost of Cyber...

Read More
FDA to Allocate More Resources to Assess High Risk Healthcare Mobile Apps
Sep05

FDA to Allocate More Resources to Assess High Risk Healthcare Mobile Apps

There is considerable potential for mHealth apps to have a positive impact on the care provided to patients, although they also carry a risk of violating patient privacy and even causing patients to come to harm. To better protect the privacy of patients and improve safety, the FDA and other government bodies will be stepping up their efforts to reduce the risk to patients, in particular by taking action to ensure mHealth apps are...

Read More
Current State of Healthcare Data Security
Jul06

Current State of Healthcare Data Security

A new report has been released by Veracode comparing government mobile application security with other industries, with the report giving an insight into the state of healthcare data security; or perhaps the state that healthcare data security is in would be a better way of phrasing it. Veracode assessed the total number of mobile app security vulnerabilities discovered against those that had been addressed and the healthcare industry...

Read More
New Survey Explores Healthcare Cybersecurity Attitudes
Jul02

New Survey Explores Healthcare Cybersecurity Attitudes

Healthcare cybersecurity attitudes are changing. Not as fast as the threat landscape is, but most healthcare professionals now appreciate the risks, understand the current threat level and also how difficult it is to keep data 100% secure. Physicians and health IT professionals often don’t see eye to eye. IT staff must ensure data is secured and networks are protected, whereas physicians are in the business of treating patients. Often...

Read More
C-Suites Choosing to Outsource Healthcare Cybersecurity
Jun12

C-Suites Choosing to Outsource Healthcare Cybersecurity

According to the results of a new study, it is becoming increasingly common for HIPAA-covered entities to outsource healthcare cybersecurity to private firms, although not necessarily by choice. Third party specialists in cybersecurity are the only option due to a current lack of skilled staff. The rise in cybercrime has left a gap in the labor market and there are simply not enough candidates for the number of positions available....

Read More
2015 Cost of Data Breach Study Released
May28

2015 Cost of Data Breach Study Released

The Ponemon Institute has released a new report on the cost of data breaches around the world. The Cost of Data Breach Study: Global Analysis, a study sponsored by IBM, looks at the financial implications of a data breach on organizations, and explores the different factors which affect the cost. The study involved 350 companies from 11 countries: Australia, Brazil, Canada, France, Germany, India, Italy, Japan, United Kingdom, the...

Read More
Breach Response Best Practices Guide Released by DOJ
May06

Breach Response Best Practices Guide Released by DOJ

The Cybersecurity Unit of the Department of Justice has released new guidance and breach response best practices to help organizations prepare for security breaches. It is essential that any holder of personal information on consumers knows the correct victim response and how, where and when to report data breaches. The guidelines are not specifically aimed at the healthcare industry, although they are relevant. Healthcare providers...

Read More
Healthcare Mobile Apps Reduce Costs and Improve Care
Apr25

Healthcare Mobile Apps Reduce Costs and Improve Care

According to a survey conducted by the Healthcare Information and Management Systems Society, healthcare mobile apps and mobile technology in general have offered multiple benefits.  The Healthcare Information and Management Systems Society also chose the HIMSS 2015 conference to announce the results of a survey conducted on 238 healthcare IT professionals in which they were asked about the use of mobile technology by their employers....

Read More
Protecting Cyber Networks Act (PCNA) Passed By House of Representatives
Apr24

Protecting Cyber Networks Act (PCNA) Passed By House of Representatives

The Protecting Cyber Networks Act (PCNA) has been passed by the House of Representatives, taking the bill one step closer to becoming legislation. The Act must now go before congress for the vote. If passed it will be written into the legislation. Majority in Favor of the Protecting Cyber Networks Act When the bill went to the House of Representatives there were some protests over privacy issues surrounding the bill, and even on the...

Read More
New Healthcare Data Security Study Released
Apr17

New Healthcare Data Security Study Released

A new healthcare data security study has been published in the JAMA (The Journal of the American Medical Association) which confirms that the number of healthcare data hacking incidents is indeed on the rise. Kaiser Permanente Healthcare Data Security Study Shows Healthcare Hacks Have Doubled in 12 Months The latest healthcare data security study was conducted by Kaiser Permanente, an integrated managed care consortium, based in...

Read More
Healthcare Data Hacking Incidents Rise in March 2015
Apr01

Healthcare Data Hacking Incidents Rise in March 2015

According to breach reports submitted to the Office for Civil Rights via its new breach reporting portal, healthcare data hacking incidents in March 2015 rose considerably month on month. In spite of the high profile data breaches that have dominated the healthcare industry news headlines, hacking incidents in 2015 have been relatively low – or detection rates have been low in the very least. Healthcare Data Hacking Incidents...

Read More
2014 Medical Identity Theft Report: Identity Fraud Increases by 21.7%
Feb23

2014 Medical Identity Theft Report: Identity Fraud Increases by 21.7%

Ponemon Institute Releases 2014 Medical Identity Theft Report The Ponemon Institute Medical Identity Theft Report is prepared each year and gives an important insight into the extent of medical and identity fraud in the United States, as well as the impact it is having on patients. This year’s results paint a worrying picture, as cases of medical identity fraud have increased 21.7% year on year. 2014 was a year for major data...

Read More
Big Data Legislative Changes Necessary to Protect Patient Privacy
Jan16

Big Data Legislative Changes Necessary to Protect Patient Privacy

In December last year, the Health IT Policy Committee’s Privacy and Security Workgroup met twice to discuss potential big data legislative changes. The impact big data is having – and will continue to have – on the healthcare industry has raised a number of issues, of which privacy and security of healthcare data is a major concern. By the end of this series of workshops the committee hopes to have produced a list of recommendations...

Read More
Healthcare Cybersecurity in 2015 to be a Top Priority Says CHIME
Jan14

Healthcare Cybersecurity in 2015 to be a Top Priority Says CHIME

According to CHIME, the College of Healthcare Information Management Executives, healthcare cybersecurity in 2015 will be a top priority; with the organization believing that the coming year will see a host of positive changes made that will address many of the cybersecurity issues currently being faced by the healthcare industry. One of the main aims over the course of the next 12 months is to improve access to healthcare data for...

Read More

New Mobile Data Security Study Published

A new mobile data security study has been published that suggests that there is a market for the provision of an increased range of security products for mobile devices in both the USA and the UK. In both countries consumers are concerned about the data that is stored on mobile devices. The mobile data security study was conducted on behalf of Inhance Technologies by iReach Insights. It consisted of a comparative analysis of data...

Read More

Healthcare Attack Surface Growth will Increase Breach Risk

Healthcare attack surface growth is a major reason why healthcare data breaches in 2014 will be higher than in any past year, according to a new report from Experian. The 2014 Data Breach Industry Forecast paints a worrying picture for healthcare industry data security, and suggests the industry is particularly vulnerable to attack. Furthermore, the data held on patients carries a high value on the black market, and there are plenty...

Read More

Healthcare Network Security Tips

Healthcare organizations have to implement a broad range of controls to ensure Protected Health Information (PHI) and Personally Identifiable information (PII) is kept secure; recently computer networks have come under scrutiny with this in mind we have listed some basic healthcare network security tips. The tips are based on Health Resources and Services Administration (HRSA) recommendations, which can help healthcare providers avoid...

Read More

Common Healthcare BYOD Mistakes to Avoid

To implement a BYOD scheme or not; that is the question for many CIOs and CISOs: Get it right and a healthcare organization can greatly benefit; commit some of the following common healthcare BYOD mistakes and even the best laid plans can go to waste. The benefits of healthcare ‘Bring your Own Device’ schemes are numerous; however if errors are made they can ruin any BYOD scheme, and can lead to severe penalties from regulatory...

Read More
Health Industry BYOD Security is Now Easy to Manage
May15

Health Industry BYOD Security is Now Easy to Manage

CISOs and CIOs are realizing that mobile phone use in healthcare is as essential. Healthcare professionals use the devices when they are not working, and they want to continue to get the benefits when the go to work. The speed at which mobile devices can be used to communicate with others; access information; schedule meetings; and receive advice makes most healthcare communication systems seem positively prehistoric. BYOD schemes...

Read More

Control is the Key to Healthcare BYOD Security

Many CISOs, CIOs and IT heads consider the healthcare BYOD security challenges to be too problematic, and shy away from implementing such a scheme. The benefits many be numerous, but the costs of data breaches cannot be ignored. Especially when there is a high risk of a data breach. According to a recent study – BYOD Insights 2013 – from the Cisco Partner Network, only 36% of respondents believed that their employer would be prepared...

Read More

Study Indicates Healthcare Data Breach Preparedness Issues

Handling healthcare security goes beyond just the technical side, as privacy and security compliance is critical to both data breach prevention and response plans. Experian Data Breach Resolution and the Ponemon Institute released a report today, titled Is Your Company Ready for a Big Data Breach?, that is composed of responses from mainly health and pharmaceutical privacy and compliance professionals as well as those from retail and...

Read More

Healthcare Data Breach Preparedness Study Raises Concerns

A new study released by Experian Data Breach Resolution & the Ponemon Institute has raised a number of concerns about healthcare data breach preparedness. The study – Is Your Company Ready for a Big Data Breach? – was primarily conducted on healthcare and pharmaceutical industry professionals with responsibility for privacy, security and compliance with state and federal regulations. Key figures in the retail and financial...

Read More
2012 Ponemon Institute Data Security Study Released
Dec14

2012 Ponemon Institute Data Security Study Released

As the year draws to a close, it is a time to reflect on the lessons learned during 2012 regarding HIPAA compliance and dealing with healthcare data breaches. This year the pilot round of HIPAA-compliance audits was completed, indicating the sorry state of healthcare data security. There is clearly a lot to be done in 2013 to bring data security up to the minimum standards laid down by the Health Insurance Portability and...

Read More