Malicious Code on Mission Health E-Commerce Websites Potentially Stole Financial Data for 3 Years
Oct18

Malicious Code on Mission Health E-Commerce Websites Potentially Stole Financial Data for 3 Years

Mission Health in Western North Carolina has discovered malicious code has been installed on its e-commerce websites that were used by patients to purchase health products. The malicious code was capable of capturing payment information as it was entered on the websites. That information was then sent to an unauthorized third party. The breach was discovered by Mission Health in June 2019. The breach investigation revealed the malicious code had been inserted into the genuine code of the website three years previously in March 2016. The affected websites were taken offline and are being rebuilt. At the time of writing, those websites are not operational. Only limited information about the breach has been released and there is currently no substitute breach notification letter on the Mission Health website. It is unclear how the breach was discovered. Typically, when credit card information is stolen, credit card firms trace fraudulent activity back to a specific retailer or website and advise the company that their systems have been compromised. In such cases, the fraudulent...

Read More
Roger Severino Gives Update on OCR HIPAA Enforcement Priorities
Oct17

Roger Severino Gives Update on OCR HIPAA Enforcement Priorities

Roger Severino, Director of the HHS’ Office for Civil Rights, has given an update on OCR’s HIPAA enforcement priorities at the OCR/NIST 11th Annual HIPAA Conference in Washington D.C. Severino confirmed that one of OCR’s top policy initiatives is still enforcing the rights of patients under the HIPAA Privacy Rule and ensuring they are given timely access to their health information at a reasonable cost. Under HIPAA, patients have the right to view and check their medical records and obtain a copy of their health data, yet there are still healthcare organizations that are making this difficult. OCR has already agreed to settle one case this year with a HIPAA-covered entity that failed to provide a patient with a copy of her health information. OCR had to intervene before those records were provided to the patient. The entity in question, Bayfront Health St Petersburg, paid a financial penalty of $85,000 to resolve the HIPAA violation. More financial penalties will be issued to covered entities that fail to comply with this important provision of HIPAA. Severino confirmed that...

Read More
Adoption of Standards Improves Cybersecurity of Internet of Medical Things (IoMT) Devices
Oct17

Adoption of Standards Improves Cybersecurity of Internet of Medical Things (IoMT) Devices

Internet of Medical Things (IoMT) technology is helping to increase efficiency, improve the quality of healthcare, and lower healthcare costs; however, IoMT introduces risks. The failure to reduce those risks to a low and acceptable level leaves IoMT devices vulnerable to cyberattacks. Those attacks can be expensive to resolve, which drives up the cost of healthcare and can result in patients coming to harm. Not only must the devices be secured, cybersecurity must also be managed throughout the entire lifespan of the devices. Software and firmware must be kept up to date, patches must be applied promptly to fix vulnerabilities, and the devices need to be returned when they reach end of life and support comes to an end. Without a thorough understanding of the risks, securing IoMT devices can be a major challenge. The U.S. Department of Veteran Affairs (VA) has taken steps to improve the safety and security of IoMT devices and has been seeking solutions for securing large-scale IoMT device deployments to better protect the 9 million people under its care. The VA, in conjunction with...

Read More
Report Reveals the Most Common Cyber Threats Faced by Healthcare Organizations
Oct16

Report Reveals the Most Common Cyber Threats Faced by Healthcare Organizations

A new report from Proofpoint offers insights into the cyber threats faced by healthcare organizations and the most common attacks that lead to healthcare data breaches. Proofpoint’s 2019 Healthcare Threat Report highlights the ever-changing threat landscape and how the tactics used by cybercriminals are in a constant state of flux. The study – conducted between Q2, 2018 and Q1, 2019 – shows how the malware variants used in attacks often change. Ransomware was a popular form of malware in Q2, 2018 and was used in many attacks on healthcare organizations, but ransomware incidents then dwindled rapidly as cybercriminals switched their attention to banking Trojans. For the remaining three quarters of the study period, banking Trojans were the malware variant of choice, although ransomware is now proving popular once again. Proofpoint’s research shows banking Trojans were the biggest malware threat to healthcare organizations for the period of the study, accounting for 41% of malicious payloads delivered via email between Q2 2018 and Q1 2019. In Q1, 2019, the biggest threat...

Read More
Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations
Oct16

Gartner Releases 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations

Gartner has published its 2019 Market Guide for Cloud Service Providers to Healthcare Delivery Organizations (HDOs). The report contains an analysis of the healthcare cloud market and explains how the cloud can be a viable option for healthcare organizations seeking greater efficiency and flexibility than is achievable with traditional on-premises infrastructure. Many healthcare organizations are now realizing the value of cloud-based solutions and how intelligent use of the cloud can help improve efficiency, eliminate waste, and drive down the cost of healthcare delivery. The industry may lag behind other sectors in terms of cloud adoption, but the landscape is changing fast as the healthcare cloud market matures. Healthcare CIOs are now viewing the cloud as an extension of their internal infrastructure. While initially there was a great deal of skepticism about the cloud due to the security risks and potential for costs to spiral out of control, there is now widespread acceptance that the cloud can serve as an IT service delivery model and the healthcare industry is now much more...

Read More