29 Million Health Records Compromised, Hacking Doubled from 2010-2013

A recent study published in JAMA demonstrates the continuing threat posed to patients and healthcare providers by data breaches. Between 2010 and 2013 they found that there were 949 breaches reported to the HHS that each affected more than 500 people. In total there were over 29 million health records exposed by data breaches during that time.

The study also found that breaches resulting from hacking nearly doubled during the period the study covered. This trend is likely to continue without increased vigilance on the part of covered entities everywhere.

Read More

Phishing Continues To Present New Threats

The cyber-attack against Anthem Inc., which the insurer says may have started with a spear-phishing campaign targeting five of its employees, is a warning sign of the kinds of sophisticated schemes that may be common in the year ahead.   If the Anthem breach is a result of phishing it’s emblematic of what many security experts are expecting to see in the evolution of attacks against companies and their employees.   Risks From Social...

Read More

Cybersecurity In A Changing World

Sony, Target, Home Depot, Wyndham, T.J. Maxx, Apple, Staples, Hannaford Brothers, Anthem.   You’re probably glad that your company hasn’t been in the news for the last few years like those companies. What do they all have in common? They all had their customers’ personal data stolen in a data breach. Every single on of these companies has paid or will pay hundreds of thousands or millions of dollars as a result of their breaches.   Is...

Read More

HHS Puts Increased Emphasis On Cybersecurity

In January, 2015, the Office for of Civil Rights (OCR) at the Department of Health and Human Services (DHHS), highlighted increased cybersecurity risks for healthcare companies under strict obligations to protect sensitive patient data.  As cyber-attacks of these entities increase, so do HIPAA privacy breaches.  The OCR is seeing a rise in the number of people affected by hacking and IT breaches as reported by entities under the breach...

Read More

Hackers Increasingly Targeting Health Care Information

The FBI has reported that hackers have been increasingly targeting health care related IT systems and warned that the hackers may be seeking to obtain patients’ Protected Healthcare Information (PHI). With the January 2015 deadline to transition to EHRs approaching, the FBI warns that hackers are likely to seek to exploit vulnerabilities. The FBI also stated that in addition to targeting PHI “these actors have also been seen targeting...

Read More

HIPAA Audits Now Focused On Enforcement

Due to widespread noncompliance with the HIPAA Security Rule, the next phase of HIPAA audits will focus on electronic protected health information (e-PHI) security. Although this shouldn’t catch anyone off guard, the HHS OCR expects these audits to result in increased penalties for violations. Health care providers and their business associates, who are subject to the Security Rule, need to review the status of their HIPAA Security Rule...

Read More

Are You Protecting ALL Of Your Patients’ Information?

A recent breach at JPMorgan Chase has highlighted the need for anyone who deals with personal information to safeguard all data. While at first glance a data breach at a bank may not seem to be pertinent for a hospital or a clinic that data that was stolen shows otherwise. The hackers responsible for the Chase breach didn’t still account information or other data that most people consider important at first glance. The data stolen was...

Read More

Is Your Hospital Exposed?

$150K HIPAA Fine for Unpatched Software, OCR Imposes Penalty on Alaska Mental Health Provider   Federal regulators sent a message about the importance of applying software patches when they dropped a $150,000 HIPAA sanction on Anchorage Community Mental Health Services. The Department of Health and Human Services’ Office for Civil Rights says ACMHS failure to apply software patches contributed to a 2012 malware-related breach that...

Read More

Are You Compliant With Federal Healthcare Regulations?

The results of the U.S. Department of Health and Human Services’ (HHS) Office of Civil Rights (OCR) health information audit pilot program may be alarming to many health care providers, health insurers, and their business associates. OCR Senior Adviser Linda Sanches recently reported the results of the audits which were conducted by HHS-contracted KPMG.  The vast majority of the audited organizations failed to comply with mandatory...

Read More

Six Ways For Healthcare Providers To Protect PHI On Mobile Devices

Mobile devices in the workplace present challenges for many businesses however, few industries have as much at stake when it comes to the value of the information and government regulation as the health care industry does. Here are six things to keep in mind when dealing with mobile devices in healthcare.   Create an updated inventory of mobile devices. Many healthcare providers don’t keep an accurate inventory of digital devices. Both...

Read More