LuxSci Demonstrates Commitment to Privacy and Security by Achieving HITRUST Certification
Oct 23

LuxSci, the Massachusetts-based provider of HIPAA-compliant email communications services, has announced it has achieved HITRUST CSF Certification. The HITRUST Common Security Framework (CSF) is a comprehensive, certifiable framework for organizations that create, access, store, or transmit sensitive and regulated data. The HITRUST CSF consists of a prescriptive set of scalable controls that conform to multiple regulations and standards, including those of the Health Insurance Portability and Accountability Act (HIPAA) Security Rule and the ISO/IEC 27000-series. Through the incorporation of federal and state regulations, standards, and frameworks, and using a risk-based approach, the HITRUST CSF helps organizations address compliance challenges and implement safeguards to ensure the confidentiality, integrity, and availability of sensitive data. HITRUST CSF Certification is the gold standard for security and the most widely adopted cybersecurity framework in the healthcare industry. LuxSci adopted the HITRUST CSF and applied its principles and controls to its entire fleet of...

Webinar: Confronting Critical Communication and Safety Gaps in Healthcare
Oct 23

Earlier this year, HIPAA Journal readers were invited to take part in the 2020 Healthcare Emergency Preparedness and Security Trends Survey conducted by Rave Mobile Safety. On November 12, 2020, Rave Mobile Safety will be hosting a webinar in which the findings of the survey will be revealed. The survey was conducted on 295 healthcare professionals and explored the top critical communication and safety challenges healthcare providers are facing today. This year, the 2019 Novel Coronavirus – SARS-CoV-2 – has had a major impact on healthcare providers and continues to create challenges for hospitals, clinics, and doctor’s offices. Healthcare providers have been forced to adopt new protocols to ensure the health and safety of patients and staff, but the survey showed that there were many communication and safety challenges in healthcare even before the pandemic, and those challenges could be affecting the emergency response. During the webinar Rave Mobile Safety will discuss the key findings from the survey and will explore the new protocols that now need to be adopted by healthcare...

FDA Approves Tool for Scoring Medical Device Vulnerabilities
Oct 23

The FDA has approved a new rubric designed by the MITRE Corporation for assigning Common Vulnerability Scoring System (CVSS) scores to medical device vulnerabilities. The CVSS was designed for assigning scores to vulnerabilities in IT systems according to their severity, and while the system works well for many IT systems, it is less well suited to scoring vulnerabilities in medical devices. When vulnerabilities are discovered in medical devices, device manufacturers use the CVSS as a consistent and standardized way of communicating the severity of a vulnerability to the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and other agencies. The scores are used by IT teams in hospitals and clinics for prioritizing patching and software updates. If a vulnerability has a score of 9.0, it naturally takes priority over a vulnerability with a CVSS score of 3.0, for instance. However, CVSS base scores do not adequately reflect the clinical environment and potential patient safety impacts. To address this issue, the FDA contracted the...

Vulnerabilities Identified in B. Braun OnlineSuite and SpaceCom
Oct 23

Several vulnerabilities have recently been identified in B. Braun products used by healthcare organizations in the United States.

B. Braun OnlineSuite

Three vulnerabilities have been identified in B. Braun OnlineSuite, a clinical IT solution for creating and sending drug libraries and managing infusion devices and other medical equipment. If exploited, an attacker could escalate privileges, upload and download arbitrary files, and remotely execute code. The most serious flaws are a relative path traversal vulnerability – CVE-2020-25172 – which allows uploads and downloads of files by unauthenticated individuals, and a remote code execution vulnerability – CVE-2020-25174 – which allows a local attacker to execute code as a high privileged user. The flaws have been assigned CVSS v3 base scores of 8.6 and 8.4 out of 10. An Excel macro vulnerability – CVE-2020-25170 – has also been identified in the export feature, caused by the mishandling of multiple input fields, which has been assigned a CVSS v3 base score of 6.9. The flaws are present in OnlineSuite AP 3.0 and earlier....

September 2020 Healthcare Data Breach Report: 9.7 Million Records Compromised
Oct 22

September has been a bad month for data breaches. 95 data breaches of 500 or more records were reported by HIPAA-covered entities and business associates in September – a 156.75% increase compared to August 2020. Not only did September see a massive increase in reported data breaches, the number of records exposed also increased significantly. 9,710,520 healthcare records were exposed in those breaches – 348.07% more than August – with 18 entities suffering breaches of more than 100,000 records. The mean breach size was 102,216 records and the median breach size was 16,038 records.

Causes of September 2020 Healthcare Data Breaches

The massive increase in reported data breaches is due to the ransomware attack on the cloud software company Blackbaud. In May 2020, Blackbaud suffered a ransomware attack in which hackers gained access to servers housing some of its customers’ fundraising databases. Those customers included many higher education and third sector organizations, and a significant number of healthcare providers. Blackbaud was able to contain the breach; however, prior...
