All posts tagged Cybersecurity

Genomic Data Sharing Policies Must Protect Patient Privacy, Minimize Risk

By Michael Saito (Epic), Chair & Nam Nguyen, (Allscripts) Vice Chair, EHRA Privacy & Security Workgroup

The National Institutes of Health’s (NIH) ongoing objective of sharing research data sets to facilitate additional study is something EHRA member companies wholly support – as long as it protects patient privacy, ensures patients can provide informed and meaningful consent for use of their data, and minimizes the risk that patients’ genomic and other health data can be re-identified or misused. 

To that end, we took advantage of the NIH’s recent Request for Information (RFI) on the proposed updates to and long-term considerations for its Genomic Data Sharing (GDS) Policy to provide feedback in the key areas of de-identification, potentially identifiable information, and data linkages.

(more…)
Leave a comment
by EHR Association on May 24, 2022  •  Permalink
Posted in Health IT Standards, Interoperability
Tagged , , ,

Posted by EHR Association on May 24, 2022

https://ehrablog.org/2022/05/24/genomic-data-sharing-policies-must-protect-patient-privacy-minimize-risk/

Phishing and Ransomware – The Gruesome Twosome of Cyber Attacks

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Significant security incidents continue to plague healthcare organizations of all types and sizes. Phishing is the most common type of significant security incident.”

Phishing and ransomware are the one-two punch of significant cyber risks. Phishing is typically the initial hook for significant security incidents, and occurs when a bad actor targets a user by email, telephone, or text message, posing as a legitimate company or organization to persuade the user to provide sensitive information, such as personal identifiers, banking information, credit card information and passwords. 

Using phishing tactics, a hacker can pose as an organization to get login information from an employee. Then using the login information they stole, place ransomware in the employer company’s critical systems.

Ransomware is malicious software that blocks access to an organization’s critical computer systems until a sum of money, the ransom, is paid. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have published guidance urging victim organizations not to pay ransoms; they warn that paying hackers does not guarantee data will be returned and may encourage future strikes.   

(more…)
Leave a comment
by EHR Association on October 31, 2021  •  Permalink
Posted in Privacy and Security
Tagged

Posted by EHR Association on October 31, 2021

https://ehrablog.org/2021/10/31/phishing-and-ransomware-the-gruesome-twosome-of-cyber-attacks/

Cybersecurity Career Awareness Week

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Cybersecurity budgets are still lacking with typically 6% or less of the information technology budget allocated for this purpose. A large attack surface exists within many healthcare organizations due to the profound lack of resources.”

Even as cyberattacks are increasing exponentially, businesses including healthcare organizations are facing another significant risk –  a shortage of available, qualified cybersecurity professionals. 

According to the fifth annual global study of cybersecurity professionals by the Information Systems Security Association (ISSA), more than 57% of organizations have been negatively impacted by the “cybersecurity skills crisis.” Of the professionals surveyed by ISSA, 95% indicated the skills shortage has not improved in recent years and 44% say it has worsened. 

(more…)
Leave a comment
by EHR Association on October 18, 2021  •  Permalink
Posted in Uncategorized
Tagged , ,

Posted by EHR Association on October 18, 2021

https://ehrablog.org/2021/10/18/cybersecurity-career-awareness-week/

Have you updated your software today?

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations. Based upon the feedback from 168 US-based healthcare cybersecurity professionals, “Relatively few healthcare organizations are conducting end-to-end security risk assessments. Sensitive information is exposed and such systems are vulnerable to attack.”

A simple yet important precaution to reduce cybersecurity risks is ensuring software updates and patches are applied in a timely manner. Though they are easy to ignore, most software updates or patches are important, as they address a vulnerability or security flaw in the endpoint of computer systems or medical devices. 

Healthcare organizations have been increasingly targeted with ransomware and other cyberattacks since the beginning of the COVID-19 pandemic. This has shown hackers’ ability to endanger healthcare organizations’ operations as well as patient lives. 

(more…)
Leave a comment
by EHR Association on October 11, 2021  •  Permalink
Posted in Privacy and Security
Tagged , ,

Posted by EHR Association on October 11, 2021

https://ehrablog.org/2021/10/11/have-you-updated-your-software-today/

Passphrases are good, multi-factor authentication is better

By Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

October is Cybersecurity Awareness Month, and the Electronic Health Record Association (EHRA) will use this opportunity to share helpful reminders of cybersecurity fundamentals throughout the month. 

The 2020 HIMSS Cybersecurity Survey provides a look into cybersecurity issues facing US healthcare organizations.  Based upon the feedback from 168 US-based healthcare cybersecurity professionals, healthcare organizations must deal with a growing array of significant security incidents. These issues not only compromise the integrity of your technology and the privacy of patients, but can also disrupt an organization’s ability to provide patient care.

Being prepared for cyberattacks requires doing all you can to reduce cybersecurity risks. One of the most significant risks identified by security professionals is password management. Many people are still using simple passwords such as a series of numbers (123456) or easily guessed words (password). However, the easier it is to guess a password, the higher the risk of being compromised by a cyberattack. 

(more…)
2 Comments
by EHR Association on October 4, 2021  •  Permalink
Posted in Privacy and Security
Tagged

Posted by EHR Association on October 4, 2021

https://ehrablog.org/2021/10/04/passphrases-are-good-multi-factor-authentication-is-better/

  • Categories

  • Follow EHRA on Twitter

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 179 other subscribers

  • Contact Us

    Kasey Nicholoff
    staff @ ehra.org

    Amanda Patanow
    Communications and Media
    ehracomms @ npccs.com