Unencrypted Laptop Theft Exposes PHI of 9,300 University of Oklahoma Patients
Lightening does strike twice, at least in Oklahoma it would seem, where yet another unencrypted laptop has been stolen from the car of a University of Oklahoma (UO) physician, this time exposing the Protected Health Information (PHI) of 9,300 patients, adding to the 7,693 victims created by the last UO unencrypted laptop theft, reported in July. If the Department of Health and Human Services’ Office for Civil Rights has not yet investigated the previous breach – suffered by the University of Oklahoma’s College of Medicine’s Department of Obstetrics and Gynecology – this additional laptop theft may well move the investigation up the priority list. This time around, the security breach hints of HIPAA violations. University of Oklahoma HIPAA Breach? In the latest case, UO was unaware that the Department of Urology physician in question was storing patient data on the laptop, which was in violation of internal data security policies. The breach notice was issued almost three months after the theft occurred, suggesting a violation of the HIPAA Breach Notification Rule. UO...
Cost of Health System Cyberattacks to Rise to $305 Billion
The cost of health system cyberattacks is set to increase substantially, according to a recent study conducted by global management consulting firm, Accenture. The new study predicts the cost of health system cyberattacks will rise to $305 billion over the next 5 years, and will affect approximately 25 million patients. The company also estimates that 1 in every 13 U.S healthcare system patients are likely to have their identities stolen and used to commit fraud over the same time period. The research team calculated that 1.6 million patients have already had their medical data stolen from healthcare providers in 2014. With the number of breach victims already created in 2015, next year’s figures are likely to be considerably higher. Cost of Health System Cyberattacks Will Continue to Increase For the study, Accenture used data compiled by the Ponemon Institute along with breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights. That data was used to determine the number of individuals who were likely to suffer identity theft, and then...
How to Spot a Phishing Email
October is National Cyber Security Awareness Month, a time of the year when events are organized and new initiatives are launched to increase cybersecurity awareness and highlight the risk of cyberattacks, computer fraud, phishing campaigns, and other data security and privacy issues. When President Obama declared October National Cyber Security Awareness Month, his aim was to increase the resiliency of the nation in the event of a cyber incident, and great strides have been made already to make his dream a reality. The Cybersecurity Threat is Greater Than Ever Before Unfortunately for healthcare providers, cybercriminals are now upping their game. They are developing ever more sophisticated methods of attack in an effort to gain access to healthcare data. The United States now faces the highest risk of cyberattack and all healthcare providers must now invest heavily in defenses to protect their computer equipment and systems from the onslaught of attacks. One of the most common methods used by cybercriminals to gain access to healthcare networks is phishing emails. The...
2016 Global State of Cybersecurity Study Released
The threat landscape is ever-changing and the risk of cyberattacks has grown enormously in recent years; however, organizations have responded to the increased threat level by implementing a range of new cybersecurity defenses to keep networks and data secure, according to a recent report on the global state of cybersecurity. Cloud-enabled cybersecurity defenses have been deployed, advanced authentication software installed, and big data analytics are increasingly common. As a result, cybersecurity risks are, in many cases, being effectively managed. One of the main advances has been the use of cybersecurity intelligence, which allows insights to be gained into the biggest security threats. This has allowed IT security professionals to manage risks more effectively, and allocate resources to deal with the biggest threats. We are now also seeing organizations adopt a more collaborative approach to data security, with greater sharing of intel between corporations to deal with a common threat. Global State of Cybersecurity Assessed by PWC The new Pricewaterhouse Coopers (PWC) study...
Data Breach Laws in California Updated
Data breach laws in California have been updated following the signing of three new bills by California Governor Jerry Brown. The new bills were passed as a single package, and will come into effect on January 1, 2016. The new bills – Assembly Bill 964 (A.B. 964), Senate Bill 570 (S.B. 570) and Senate Bill 34 (S.B. 34) – are intended to clarify data breach laws in California, and provide further explanations on data encryption, the issuing of data breach notices, as well as expanding the definition of “personal information” under California Law. New Data Encryption Definition There are a number of data encryption standards and methods of encrypting data to prevent accidental or deliberate disclosure. However, not all encryption methods offer the same level of protection. One of the new bills introduced last week helps to clarify what is meant by “encryption” in California. Assembly Bill 964 confirms that encryption means information is “rendered unusable, unreadable or indecipherable to an unauthorized person through a security technology or methodology generally accepted in...



