By the EHRA Privacy & Security Workgroup
One of the latest ransomware variants making the rounds is Ryuk. It’s deployed using malware believed to be managed by Russian criminal groups with code names “Wizard Spider” and “Grim Spider” (learn more here).
The Crowdstrike 2019 Global Threat Report highlights disturbing new trends that make cyberattacks increasingly difficult to detect and block without more advanced tools. These include:
Posted by EHRA on October 29, 2019
https://ehrablog.org/2019/10/29/ransomware-trends-the-64000-question-and-preparedness/
By the EHRA Privacy & Security Workgroup
Just as healthcare clinical staff recognize the value of good physical hygiene to prevent infection, good cyber hygiene can prevent malware infections.
The number one preventative step? Staff vigilance. Everyone must be careful with clicks — whether it be an email, website link, or file attachment. Even as we’re inundated with information in today’s fast-paced digital world, taking the time to think before you click is just as important in preventing digital infections as washing hands between patients is in preventing bacterial infection.
Posted by EHRA on October 22, 2019
https://ehrablog.org/2019/10/22/preventing-malware-infections-starts-with-good-cyber-hygiene/
By the EHRA Privacy & Security Workgroup
For many C level executives in a healthcare organization, cybersecurity equates to risk of a cyberattack that results in a Health Insurance Portability and Accountability Act (HIPAA) breach and fine.
The bigger risk posed by a cyberattack, however, is to patient safety. If you get anything from this blog post, it should be this: Cybersecurity incidents affect more than HIPAA compliance, and should be treated as a patient safety risk.
By categorizing cyberattacks as a patient safety risk, it escalates the importance of cybersecurity as more than mitigating a potential HIPAA fine.
Posted by EHRA on October 15, 2019
https://ehrablog.org/2019/10/15/strategic-healthcare-leaders-recognize-cybersecurity-as-a-patient-safety-risk/
By EHRA Privacy & Security Workgroup
The ER was bustling with a full cast of colorful characters, as it always is on Halloween, when creepy messages started appearing on every single device:
Posted by EHRA on October 8, 2019
https://ehrablog.org/2019/10/08/ransomware-lessons-from-the-front-lines/
By the EHRA Privacy & Security Workgroup
Whether you work for a large health system or small physician practice, you know that securing your patients’ data is important, and it’s a responsibility you take seriously. But chances are, you haven’t fully implemented as many cybersecurity best practices as you could.
(more…)
Posted by EHRA on October 29, 2018
https://ehrablog.org/2018/10/29/five-easy-healthcare-cybersecurity-tips-from-ehr-developers/
By Nam Nguyen and Sayee Balaji Chandrasekaran, Chair and Vice Chair, EHRA Privacy & Security Workgroup
Cyber-threats are all over the news, including attempts to hack elections, steal corporate trade secrets, and hold medical records for ransom. Phishing is rampant, and is the way most hackers ultimately get into secure systems. The U.S. government has, of course, taken notice, and is taking action on several fronts.
One of those fronts is healthcare, with the release by HHS of the Health Care Industry Cybersecurity Task Force’s “Report on Improving Cybersecurity in the Health Care Industry,” which was delivered to Congress in June 2017. The task force wrote, “Our nation must find a way to prevent our patients from being forced to choose between connectivity and security.”
EHRA welcomes this report, which we view as a path forward for increasing security in the healthcare sector. The report directly aligns with two of EHRA’s privacy and security positions: (more…)
Posted by EHRA on April 5, 2018
https://ehrablog.org/2018/04/05/why-hhs-needs-a-privacy-leader-and-a-cybersecurity-leader/
