Healthcare Information Security

Healthcare Information Security Interviews

What’s at Stake with Healthcare IoT and Cloud? Unnecessary Risk

by Jessica Davis

The healthcare sector continues to adopt IoT technologies and move into the cloud at a rapid pace. But while these technologies support a value-based care model and can improve patient care, the tools can pose serious risks that organizatio...“Organizations are still struggling with the holistically appropriate way to integrate IoTs,” said Hesse. But IoT integration can’t be avoided and asking if it’s necessary is a “moot point because it’s ha...Most recently, Aetna settled with California over its 2017 privacy breach. The insurer had already settled with Connecticut, Washington, New Jersey, and Washington, D.C., after a lawsuit settlement with those impacted. “They’re ...

How Multi-Factor Authentication Can Combat Phishing, Cyberattacks

by Jessica Davis

Healthcare has been steadily moving into consumerization, as the industry shifts into value-based care and patients demand easier access to their data. At the same time, cyber threats and hackers have increased in sophistication, continuing...In response to these mass phishing campaigns, Vanderbilt University Medical Center is currently undergoing a security overhaul by implementing multi-factor authentication to every tech platform within its network. The Need for Greater Acces...MFA should be considered a tool for plugging more holes in the attack surface, Benson said. “It’s critical, as there are so many security vulnerabilities, one level isn’t enough.” Organizations first need to employ t...Benefits, Challenges, and Supporting Tools To Benson, the benefit is clear: MFA keeps data safer with multiple layers of defense. “If you’re protecting your house, it wouldn’t make sense to just look through the window to ...

The Hits and Misses of HHS Healthcare Cybersecurity Guidelines

by Jessica Davis

The Department of Health and Human Services released a four-volume set of cybersecurity guidelines for the healthcare sector last month, which was applauded by many for its extensive breakdown of both risks and mitigations. Drafted in partn...The details around mitigations were also a really good primer on how to deal with risks, said Widup. And the security metrics section broke down how and what to measure. At the moment, either organizations don’t measure what’s g...But for Stevens, the real loss with the guidance was that mobile security was omitted by officials. For example, HHS addressed the continued threat phishing poses to the sector. However, it addressed it as an email-related threat to desktops o...Organizations should also consider visibility into those and potentially cutting off those devices from the network that the security team doesn’t have permission to access, he explained. “It’s saying, ‘I don’...

Improving Medical Device Security Beyond Patching, Traditional Tools

by Jessica Davis

Medical device security was thrust into the spotlight in 2018, as the Food and Drug Administration continued to bolster its cybersecurity program. In fact, an August MedCrypt report found that since the FDA released its cybersecurity guidan...In the top five cyber threats to healthcare, medical devices were listed in their own category – that brings some much-needed awareness to the issue. Patient Safety Risk Given that an earlier MedCrypt study found that between 100 to 1,0...Also adding to the problem is that many hospitals struggle with understanding what devices they have on the network, she added. “But on the manufacturer’s side, they struggle with how you get updates out to people,” said D...For example, to find these issues traditionally you’d use a digital “poke” to see what it is and its capabilities. But Domas explained that it’s not safe to do on a medical device. “Device identification is har...

Could HIPAA be Repealed, Replaced with a Unified Federal Privacy Law?

by Jessica Davis

The Information Technology and Innovation Fund is recommending a repeal of privacy regulations across the U.S., including HIPAA, to replace the patchwork of federal laws with a unified approach. Among its recommendations, ITIF is calling fo...There are those who want to replace HIPAA, as it’s not doing enough in the digital world. Technology has outpaced the policy and it hasn’t done enough with its updates to address privacy concerns, he explained. “HIPAA does...These proposed laws solidify ITIF’s point: Everyone needs to be on the same page. “If Congress passes data privacy legislation, its key task will not be to maximize consumer privacy, but rather to balance competing goals such as...In response, ITIF took on some of the more burdensome rules in its proposal, McQuinn explained. “The goal of data privacy legislation should therefore not be to myopically maximize consumer privacy, but to maximize consumer welfare,...

Where Does AI Automation Fit Into Health Data Security?

by Jessica Davis

The 2017 Health Care Industry Cybersecurity Task Force report painted a damning picture of cybersecurity in healthcare, including the discovery that three out of four hospitals operate without a designated security leader. Those providers h...In fact, the Ponemon report found that automating may be compounding the security skills gap issue. About 76 percent of IT and security professionals believe that machine learning and artificial intelligence tools and services aggregate the...When grilled by state senators as to why the breach went undetected for months, Joanna Clyborne, Minnesota IT Services Commissioner, boiled the issue down to timeliness and a lack of resources, along with delays in forensics backlogs. “The ...

Reduce Employee Email Risk by Taking Decisions Away from Users

by Jessica Davis

Employees and human error often top the list as the healthcare sector’s biggest threat. Considering they are the catalyst for clicking malicious links, engaging with targeted phishing campaigns and mistakenly sending emails to the wro...Data Sharing Best Practices Data like reports, clinical results, diagnostics, and other sensitive data require built-in security, Bower explained. “Unfortunately, the way healthcare organizations share data today is with more clunky, ...As a result, plenty of this data remains dormant in email accounts. As seen in several recent breaches caused by phishing attacks, leaving patient data in emails is a serious risk. “Most organizations today have built security strateg...Those tools that bolster security around data sharing are crucial to streamlining data that proves an organization is meeting regulations, as it makes it simple to report with snapshots on where the sensitive data has gone, who has accessed...

Biggest Challenges, Lessons Learned from Health Cybersecurity in 2018

by Jessica Davis

The cybersecurity issues faced by the healthcare sector in 2018 aren’t much different from those in recent years. However, hackers are increasing in sophistication and steadily improving success rates. The year started off with a bang...But a similar phishing attack on Minnesota’s Department of Health and Human Services, where a breach of 21,000 patient records went undetected for more than a month, revealed some of the biggest reasons why email hacks continue and wi...And that doesn’t include the long line of other organizations that have reported ransomware attacks, especially in recent months. While these attacks are notable, the decline in ransomware from 2016 is significant. It’s good new...While Dameff said these scenarios are low, that’s not a reason to address it. In fact, Finn explained that in July, a medical device was hacked in Russia during a pediatric surgery. The hack took out a medical device in the operating...Patient Privacy In May, the EU General Data Protection Regulation went into effect, which is relevant to those US health organizations that care for EU patients on a routine basis. However, to Corinne Smith, a healthcare attorney with Clark ...

How to Build a Balanced Healthcare Cybersecurity Budget

by Jessica Davis

The majority of healthcare security stakeholders agree that cybersecurity budgets are underfunded. And frankly, health organizations aren’t keeping pace with hackers who are continuously improving in sophistication. Data security prog...The remaining 20 percent of the budget should focus on disaster recovery and business continuity. “One thing to note here is that it’s all talking about the technologies: I haven’t brought in people. These buckets help out...But just how often should an organization assess its vendors and tools? “Everyone’s situation is different: posture is different, the environment is different,” said Mookencherry. “It depends on the size of organi...Those details should be combined with the cost of regulations, payments, intellectual property and brand reputation. Mookencherry explained that organizations also have “obligations for trying to understand how you’re going to i...

Iron-Clad HIPAA, EULAs; But Can a Dispute Put Patient Data at Risk?

by Jessica Davis

A recent breach notification has left many scratching their heads. Key Dental Group notified patients their data was potentially breached when an EMR vendor allegedly refused to return a patient database. In the notification, the Florida-ba...The vendor did not contact Heinicke about the database, including the transfer to the purchaser, “ultimately terminating the EULA with Key Dental Group and then refusing to provide the database back to KDG upon demand, as was KDG'...

Building a Secure Vendor Relationship with Inventory, Management

by Jessica Davis

The healthcare sector has been a primary target of hackers for more than a year, and the attacks continue to increase in sophistication. While many providers have adjusted their security posture in an attempt to shore up some of these threats,...

Healthcare’s Dependence on Fax Machines Poses Risk to Health Data

by Jessica Davis

While the healthcare sector has some of the most advanced technology available, it’s oft perplexing to discover that about 75 percent of all healthcare communications are still processed by the antiquated fax machine. Security researc...The goal, CMS Administrator Seema Verma said at ONC’s Interoperability Forum, was to develop a free flow of information between patients, insurers and healthcare providers. In doing so, she encouraged developers to create an alternati...

Partnership Uses Blockchain Technology To Secure Fertility Data

by Fred Donovan

A partnership between Donor Concierge and ALTR will use blockchain technology to secure health data and patient privacy for FRTYL, a service that links fertility agencies and clinics with parents seeking infertility treatments. ALTR’s...

Smart Wristband Raises Health Data Security, Privacy Concerns

by Fred Donovan

Rutgers University researchers have created a new smart wristband with a biosensor that can count particles in the user’s blood and transmit that data via Bluetooth to a nearby smartphone. While this technology could have a major impa...

For ASCs, Size Matters When It Comes to Healthcare Cybersecurity

by Fred Donovan

For ambulatory surgery centers (ASCs), healthcare cybersecurity challenges and responses are different depending on the size of the operation, observed Tom Hui, founder of SurgiCenter Information Systems and CEO of HSTpathways. Hui noted th...In the interview, Hui also touched on the issue of medical device security in ASCs. These devices generate and transmit lots of data over the local network. That data is usually not encrypted. “The data is only as safe as the network ...

How Does HIPAA Apply to Wearable Health Technology?

by Fred Donovan

The use of wearable health technology is expected to expand substantially within the next few years. Wearable devices offer many health tracking capabilities, including measuring heart rate, number of steps taken per day, and glucose and ac...

Helping Struggling Hospitals Recover from Ransomware Attacks

by Fred Donovan

The biggest cybersecurity issue for hospitals is response and recovery from ransomware attacks, observed Fernando Martinez, senior vice president and chief digital officer at the Texas Hospital Association and president/CEO of Texas Hospita...The Texas Hospital Association has developed a simulated phishing email service for its member hospitals to train them on how to spot phishing emails and avoid falling for those exploits. The association partners with companies that can hel...

Applying Inogen Data Breach Lessons to Healthcare Providers

by Fred Donovan

The recent Inogen data breach, in which hackers were able to penetrate an employee’s email account, highlights the need for healthcare organizations to use multifactor authentication (MFA) to control access and to get robust cybe...

Preparing for a Potential Healthcare Data Breach Investigation

by Elizabeth Snell

A current and comprehensive risk management plan, including a good auditing process, will be critical for organizations that must deal with a healthcare data breach investigation. Covered entities and business associates will be better able...

Uber Health Prioritizes Patient Data Security, HIPAA Compliance

by Elizabeth Snell

Ridesharing company Uber launched a platform in March 2018 that aimed to provide more transportation options to patients. Individuals can use Uber Health to get a ride to their provider, while being reassured that HIPAA compliance remains a...

