Baptist Health Data Breach Announced: 6500 Records Exposed
On October 1, 2015, a Baptist Health data breach was added to the Department of Health and Human Services’ Office for Civil Rights breach portal. The breach report indicated the Arkansas-based healthcare provider had suffered a security breach which resulted in the Protected Health Information of 6,500 patients being improperly disclosed to a third party. Breach notification letters were sent to patients on October 1, alerting them to the privacy breach. This was within the time frame required by the HIPAA Breach Notification Rule, although it has taken some time for further information about the data breach to emerge. According to a HIPAA breach notification posted on the Baptist Health website, the security incident has been tied to a former Baptist Health provider, who allegedly exported data while employed at Baptist Health and sent that information to Bray Family Medicine, where the individual is now employed. The security breach first came to light on August 6, 2015 when a Baptist Health patient complained about a letter that had been received from Bray Family Medicine, which...
New Adobe Flash “Critical” Zero Day Security Flaw Patched
A critical Adobe Flash security flaw discovered by Google’s Project Zero and Trend Micro’s Peter Pi, has now been patched by Adobe; days ahead of schedule. The new patch also fixes two other security vulnerabilities discovered in Adobe Flash earlier this month. The patch was originally scheduled to be released this week; however, Adobe released the emergency patch on Friday last week, just three days after it issued another patch to address 13 other critical security vulnerabilities. An announcement made by Adobe earlier this week explained the seriousness of the 13 vulnerabilities, indicating “could potentially allow an attacker to take control of the affected system.” The same is true of the latest vulnerability, although in the latest case, it is not a case of “could” but “has already been.” The exploit has not been reported to have been used to target healthcare providers, but Pawn Storm has used the exploit to target government ministries according to TrendMicro. The hackers devised spear phishing campaigns which directed their targets to web pages that hosted the...
Healthcare Software Security Assessed by BSIMM Study
Aetna, ANDA, McKesson, The Advisory Board Company, Siemens and Zephyr Health have all been assessed as part of the latest Building Security in Maturity Model (BSIMM) study, published yesterday, with healthcare software security discovered to be well behind other industry sectors. This is the first time that healthcare firms have been assessed by the study, which looks at 12 different software security practices. The study assesses enterprise software security development, which for the healthcare industry is severely lagging behind other industries in all 12 of the software security practices tested. This is the first time in the history of the study that one industry has performed so consistently poorly, and has come bottom of the list in all of the security practices tested. The main industries assessed as part of the study were healthcare, the financial services, consumer electronics organizations and independent software companies, as well as a smaller number of organizations from the insurance, retail and telecoms industries. The results of the BSIMM study give organizations...
Kaspersky Labs Report Probes Security Attitudes Among BYOD Participants
The rise in popularity of mobile devices has seen many companies adopt a Bring Your Own Device (BYOD) scheme. According to a recent survey by Kaspersky Labs, over half of consumers are now using their own mobiles, laptops and tablets at work and take part in such a scheme. Due to the benefits of BYOD schemes, they have now been adopted by many HIPAA-covered entities, although the strict regulations covering data privacy and security have, to a certain extent, restricted use of the devices for work purposes more than in other, less well regulated industries. A Lack of Concern for Work Data The latest Kaspersky BYOD survey may have shown BYOD schemes have been widely adopted in the United States, but organizations operating such a scheme must effectively deal with the cybersecurity risks the schemes can introduce. While operators of the schemes may address security issues, not all organizations have fully assessed the risks posed by the devices. Furthermore, it would appear that many participants in BYOD schemes are not particularly concerned about data security. Only 10% of...
Is the Risk of Cyberattacks Really Increasing? Study Says No
The Department of Health and Human Services’ Office for Civil Rights breach portal lists all of the self-reported healthcare data breaches submitted by HIPAA covered entities, for all data-exposing security incidents, including hacks. A look at the headlines would suggest hackers are gaining access to patient data with increasing regularity, as malicious attacks on healthcare networks are widely reported in the media. When hacking incidents do occur, they tend to be headline news as they often involve the exposure of vast quantities of data. So far in 2015, multi-million-record data breaches have been suffered by a number of healthcare providers, health plans and Business Associates of covered entities, but is the risk of cyberattacks actually increasing? A recent study conducted by the University of New Mexico’s Department of Computer Science suggests that despite a number of major healthcare cybersecurity breaches being reported in 2014 and 2015, the risk of cyberattacks occurring has actually changed very little over the past decade, and that we are perhaps not actually in as...



