Healthcare Information Security Interviews

COVID-19 Contact Tracing Apps Spotlight Privacy, Security Rights

by Jessica Davis

Contact tracing app initiatives have emerged in the wake of the COVID-19 pandemic, as a modern enhancement to traditional methods for tracking the spread of the virus, finding new infections, and supporting the reopening of the economy....However, it is crucial people have an understanding of what they’re giving up in exchange for participation and its benefits. For Valdetero, those risks are tied to apps that allow you to identify particular users through the...Right now, Congress is considering competing legislation designed to shore up some of these issues and ensure collection ends after the pandemic, but Federman mused: “How do we know that it’s actually going to happen?”...Those surveillance concerns have stemmed from instances in the UK and India, where Coleman said its citizens have experienced unprecedented watchdog scrutiny. While the US has broader freedoms, without a federal privacy law,...And with the widespread adoption of Bluetooth-based contact tracing apps, the number of Bluetooth-activated devices would also increase – as would the risk surrounding existing Bluetooth vulnerabilities, explained Smith. There are...

Ransomware Success Declines Amid COVID-19, But Resurgence is Likely

by Jessica Davis

Successful ransomware attacks on the US healthcare sector are in decline with just 25 providers impacted during the first quarter of 2020, compared to a total of 764 events, or an average of 191 per quarter, in 2019, according to the latest...

Critical VPN Security for Telehealth, Remote Access Amid COVID-19

by Jessica Davis

The week COVID-19 was declared a national emergency, several media outlets reported some hacking groups vowed to stop targeting the healthcare sector during the pandemic. At the same time, the majority of businesses shifted employees into...

Must-Have Telehealth, Remote Work Privacy and Security for COVID-19

by Jessica Davis

The COVID-19 pandemic has rapidly expanded the use of telehealth, telemedicine, remote work, and bring-your-own-device, both on-site and remote in the healthcare sector. But while some outlets have reported hackers have vowed not to target...Identity Authentication: From an institution standpoint, the use of continuous identity authentication will be critical during the crisis. Gordon explained this can be accomplished in several ways, but the most common is multi-factor...The tool allows organizations to not only authenticate the user, but also the device they’re using and its security posture. Organizations need to craft the minimum security requirements for the device and communication methods, which will...For Gordon, several VPN platforms can provide both MFA and endpoint compliance, while ensuring protected connectivity “where you’re encrypting communication session between the device and the data between the...

Hackers Target WHO, COVID-19 Research Firm with Cyberattacks

by Jessica Davis

Hacking groups are targeting healthcare in full force, with the World Health Organization and Hammersmith Medicines Research (HMR), a UK-based research team on standby for developing a COVID-19 vaccine, reporting they were both...

Best Practice Cybersecurity Methods for Remote Care, Patient Portals

by Jessica Davis

A recent study from Kantar shows that privacy and security concerns are hindering patients’ willingness to use health technology, such as patient portals to improve their care. And while many in healthcare are embracing new...3. Multifactor verification is a must: After patients have signed up to access the portal, using multifactor verification can ensure all future sessions are equally secure. For example, two-factor authentication adds additional...In addition, a relatively new but very beneficial approach is to set up “deception grids,” which are tools that set up fake systems. If a criminal got past the perimeter defenses and is inside, he/she has multiple systems to...

Vendor Management Needed in Light of NRC Health Ransomware Attack

by Jessica Davis

Last week, NRC Health became the latest vendor to report it fell victim to a ransomware attack, which locked the company out of its computer systems as it worked to recover. Given its massive list of healthcare clients, the cyberattack...Right now, it’s unclear what data was precisely impacted or what the company is actually maintaining or creating in terms of data. But Holtzman stressed that NRC shouldn’t be singled out, as it’s just part of the overall...The reports should detail the precise incident that occurred, the steps the vendor took during their investigation, a forensic analysis of the systems impacted by the security event, an inventory of the data that belongs to the provider,...“The fact is the HIPAA breach notification rule and many state laws classify unauthorized access to health information or other sensitive, consumer personally identifiable information, as a breach,” he said. “So, I...

Maze Ransomware Hackers Extorting Providers, Posting Stolen Health Data

by Jessica Davis

Recent reports have shown the hacking group behind Maze ransomware has been steadily posting the data of its victims online after the organizations fail to pay the ransom demand. A compiled list of victims shows the data of several...

Key Elements for Secure Business Associate Agreements, Relationships

by Jessica Davis

The healthcare sector relies on a vast number of third-party vendors, supply chain businesses, and other business associates to ensure relatively seamless care transactions. But with each transaction and added vendor, the threat landscape...Further, providers need to understand which of its BAs use subcontractors and the services they provide to their business associate. Organizations will also need confidentiality agreements with vendors that do not qualify as business...Under the “Implement Safeguards” section: Lastly, under “insurance” section, organizations should ensure the following language is incorporated into the contract: “The HIPAA Breach Notification Rule, 45 CFR §§ 164.400-414, requires HIPAA covered entities and their business associates to provide notification following a breach of unsecured PHI,” Mookencherry explained. “For...

Cybersecurity Impact of Microsoft’s End to Windows 2007 Support

by Jessica Davis

Microsoft will end its support for Windows 7, Windows Server 2008, and 2008 R2 on January 14, marking the end of regular security updates. Given that 56 percent of healthcare still relies on Windows 7, the impact of failing to transition...At the end of the day, the main risk is really to patient care and patient safety. Even when providers have emergency plans in place, Hewitt also noted that younger physicians and staff have a difficult time going back to manual ways. For...

Could Patient Privacy Awareness Drive Health IT Innovation in 2020?

by Jessica Davis

The past year in health IT security was one of the worst seen in recent years, with multiple breaches each impacting several millions of patients. Patients are also growing increasingly aware of their data privacy rights through HIPAA and,...Will these trends continue – or perhaps worsen – in 2020? What do you see on the horizon for the coming year? In 2020, I believe we’re going to continue to see increased awareness of data breaches from patients, which will...

Is Healthcare Prepared to Respond to Cyber Threats Beyond Ransomware?

by Jessica Davis

The last few months of cyberattacks, especially ransomware incidents, demonstrated healthcare providers aren’t fully prepared for the new age of sophisticated threats. As the Department of Homeland Security alerts to the...Healthcare has grown increasingly comfortable with leveraging the fallback option of paying the ransom for these types of attacks. Consider the most recent LifeLabs breach of 15 million, where officials admit they worked with cybersecurity...The sector has already seen two massive cyberattacks in the last few months that mirror this “hypothetical” scenario. Hundreds of dental offices and nursing homes were unable to see patients after a cyberattack on their IT...

How Does HIPAA Apply to Wearable Health Technology?

by Fred Donovan

The use of wearable health technology is expected to expand substantially within the next few years. Wearable devices offer many health tracking capabilities, including measuring heart rate, number of steps taken per day, and glucose and...