Phishing and Ransomware – The Gruesome Twosome of Cyber Attacks

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Significant security incidents continue to plague healthcare organizations of all types and sizes. Phishing is the most common type of significant security incident.”

Phishing and ransomware are the one-two punch of significant cyber risks. Phishing is typically the initial hook for significant security incidents, and occurs when a bad actor targets a user by email, telephone, or text message, posing as a legitimate company or organization to persuade the user to provide sensitive information, such as personal identifiers, banking information, credit card information and passwords. 

Using phishing tactics, a hacker can pose as an organization to get login information from an employee and then use the stolen login information to place ransomware in the employer’s critical systems.

Ransomware is malicious software that blocks access to an organization’s critical computer systems until a sum of money, the ransom, is paid. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have published guidance urging victim organizations not to pay ransoms; they warn that paying hackers does not guarantee data will be returned and may encourage future strikes.   

Read the full post »

SDOH and Health Equity: Summarizing the EHRA Congressional Briefing – Part 2

Ambulatory and Health System Perspectives

By EHRA Public Policy Leadership Workgroup

Part one of this two-part blog series summarized insights around SDOH and health equity from the developer and community perspectives, which were shared during the recent virtual Congressional Briefing hosted by EHRA’s Public Policy Leadership Workgroup. Part two shares the ambulatory and health system perspectives. The presentation slides and full briefing (passcode: H@R$UZ02) are available in the “Positions and Statements” section of EHRA’s website. 

Read the full post »

SDOH and Health Equity: Summarizing the EHRA Congressional Briefing – Part 1

Developer and Community Perspectives

By EHRA Public Policy Leadership Workgroup

Health equity and social determinants of health (SDOH) currently play a large role in the national conversation on health care, with the Biden Administration ranking it as one of its highest priorities. Practically, however, these discussions have been underway for years.

SDOH and health equity are a public policy and care coordination challenge, one that health IT can play an important role in resolving. Consider that 80% of health is determined by non-clinical factors. However, there is a wide information gap separating healthcare organizations and the social and community agencies at the forefront of identifying and addressing these socioeconomic needs. Health IT and interoperability standards facilitate the secure, seamless exchange of patient data between these environments to improve population and individual patient health outcomes.

Read the full post »

Cybersecurity Career Awareness Week

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Cybersecurity budgets are still lacking with typically 6% or less of the information technology budget allocated for this purpose. A large attack surface exists within many healthcare organizations due to the profound lack of resources.”

Even as cyberattacks are increasing exponentially, businesses, including healthcare organizations, are facing another significant risk: a shortage of available, qualified cybersecurity professionals.

According to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA), more than 57% of organizations have been negatively impacted by the “cybersecurity skills crisis.” Of the professionals surveyed by ISSA, 95% indicated the skills shortage has not improved in recent years and 44% said it has worsened.

Read the full post »

Have you updated your software today?

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Relatively few healthcare organizations are conducting end-to-end security risk assessments. Sensitive information is exposed and such systems are vulnerable to attack.”

A simple yet important precaution to reduce cybersecurity risks is ensuring software updates and patches are applied in a timely manner. Though they are easy to ignore, most software updates or patches are important, as they address a vulnerability or security flaw in the endpoints of computer systems or in medical devices.

Healthcare organizations have been increasingly targeted with ransomware and other cyberattacks since the beginning of the COVID-19 pandemic. This has shown hackers’ ability to endanger healthcare organizations’ operations as well as patient lives. 

Read the full post »

Passphrases are good, multi-factor authentication is better

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, healthcare organizations must deal with a growing array of significant security incidents. These issues not only compromise the integrity of your technology and the privacy of patients, but can also disrupt an organization’s ability to provide patient care.

Being prepared for cyberattacks requires doing all you can to reduce cybersecurity risks. One of the most significant risks identified by security professionals is password management. Many people are still using simple passwords such as a series of numbers (123456) or easily guessed words (password). However, the easier it is to guess a password, the higher the risk of being compromised by a cyberattack. 

Read the full post »

  • Contact Us

    Kristi Feliksik
    kfeliksik @ ehra.org

    Amanda Patanow
    Communications and Media
    ehracomms @ npccs.com