There is no denying that 2016 was the year of determining how to respond to healthcare privacy and security threats. Top headlines included everything from ransomware disrupting hospitals’ ability to care for patients, to negligent insiders’ actions compromising patient information, to business associates not securing their customers’ sensitive data. Throughout the year, CynergisTek’s subject matter experts wrote several blog posts to address the latest headlines, incidents, threats and regulatory actions in healthcare. Below are some of our top blog posts and the most popular infographic we published.
OCR Expands Compliance Reviews of Small Healthcare Breaches
In August, OCR announced a new initiative that expanded efforts to review and investigate the causes of breaches that affect fewer than 500 people. This blog post explains how investigations into the root cause of small breaches can identify an entity’s widespread or systemic noncompliance with the privacy and security rules. For example, a review of a single stolen laptop that held e-PHI of 100 individuals may uncover an organization’s failure to encrypt any of the data it creates or maintains. And just as easily as a large breach, a small breach can reveal that a covered entity or business associate has not completed an enterprise-wide information security risk assessment and its risk management plan to effectively safeguard PHI. Are you aware of the factors OCR will specifically look at for compliance reviews? Read more.
Pay Now or Pay Later
In this blog post, Marti Arvin, VP of Compliance Strategy, reminds us that if you don’t spend the energy and resources to reduce security and/or privacy risks now, you will likely pay for it later. Furthermore, if you wait until later, it will cost more to take care of the problem than it would have to prevent it. The post also reviews the impact of prevention and compares it with the cost of a breach. Read more.
Using a Battering RAM to Hack
A few years ago, a hacker’s mission was to get malware onto the hard drive of the target system. As end-point defensive software has become both more ubiquitous and effective, the methods used in post-exploitation have had to evolve in kind. This means that as soon as defenders got better tools, attackers had to innovate new methods of gaining access. This blog post reviews how Battering RAM is used as a new hack. Read more.
MouseJack Hack: Wireless Keyboard & Mouse Lets Bad Guys in the House
Throughout 2016, we saw more advanced and creative ways for hackers to exploit their victims. This year at the DEF CON conference, one hacker showed how a mouse or keyboard could be an effective attack vector. In this blog post, John Nye shares his experience of recreating this hack to learn more about the threat it poses. Read more.
The Healthcare Ransomware Threat Infographic
In 2016, ransomware attacks targeted at healthcare organizations proved that they have the capability to disrupt operations for prolonged periods of time. These attacks not only cost the affected institutions money but also disrupted their ability to treat and serve patients. As a result, we created this infographic to explain the prevalence of this threat, analyze its effects, and provide guidance on how to protect yourself from it. Read more.
Visit our blog often to read the latest about cybersecurity, privacy, compliance and regulatory actions in healthcare.