Protect your patients' charge card and debit card data. Perform PCI-DSS audits annually and vulnerability scans quarterly.
New Cybersecurity best practices
In December 2018, the Department of Health and Human Services (HHS) published the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. This new directive offers cybersecurity best practices that healthcare organizations of any size can implement.
Originally posted by Fred Langston CISSP, CCSK at CI.Security. I’ve been doing health industry cybersecurity for a long time, which has led to my involvement in helping to craft cybersecurity policy for the healthcare industry. One of my first experiences was back in 1996, when I was part of the working group that provided guidance on the proposed HIPAA Security Rule. That rule established certain standards for security moving forward. The resulting risk-based approach was meant to allow the vastly different types and sizes ...
HIPAA Simple Security Risk Assessment
Advanced Persistent Threats and Zero Day Exploits get a lot of press these days. I am reprinting content from the Office for Civil Rights (OCR) in the US Department of Health and Human Services.
Advanced Persistent Threats and Zero Day Exploits
An advanced persistent threat (APT) is a long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target’s information systems to steal information or disrupt the target’s operations.1 Although individual APT attacks need not be technologically sophisticated, the persistent nature of the attack, as well as the attacker’s ability to change tactics to avoid detection, make APTs a formidable threat. APTs are a serious threat to any information technology (IT) system, but especially those that are part of the health care field. Healthcare services ...
Healthcare data under attack
As the healthcare industry continues to be an attractive target in cyberattacks, the latest data shows that cybercriminals are taking more patient health data than ever. When the number of breaches doesn’t materially change from year to year, it’s a natural assumption that the impact of those breaches is similar as well. According to new data in the 2019 Annual Breach Barometer Report from patient privacy monitoring vendor Protenus, the number of breaches rose from 477 breaches in 2017 to 503 in 2018, with the number of records nearly tripling year over year – from 5.6 million to a little under 15.1 million. With breached records costing healthcare organizations an average of $408, the massive jump in the number of total records breached incurs a significant cost. Also according ...
HHS announces new rules
The federal Office for Civil Rights (OCR), part of the Department of Health and Human Services, announced today the issuance of the final conscience rule that protects individuals and health care entities from discrimination on the basis of their exercise of conscience in HHS-funded programs. Just as OCR enforces other civil rights, the rule implements full and robust enforcement of approximately 25 provisions passed by Congress protecting longstanding conscience rights in healthcare. The final rule fulfills President Trump’s promise to promote and protect the fundamental and unalienable rights of conscience and religious liberty, a promise he made when he signed an executive order in May 2017 protecting religious liberty. In October 2017, the Department of Justice issued guidance encouraging other Departments, including HHS, ...
March 26, 2024 Mark Anthony Germanos