03.8.2019

Hospital Cybersecurity 2019: Seven Essential Leadership-Level Strategies

Dangerous cybersecurity attacks have become a sweeping problem across our healthcare industry, with most hospitals having experienced not one or two, but many threats in the last three years. It wasn’t that long ago when the most common perpetrator of security breaches was a negligent employee. But the majority of threats now are from cybercriminals and other malicious actors, according to the 2019 HIMSS Cybersecurity Survey published last month. The good news is that many hospitals have conceded that these risks are not going away and are investing in tenacious battles against cybercrime. We’ve gathered data from a variety of hospitals detailing innovative and aggressive strategies they are using to minimize if not eliminate significant security incidents.


02.21.2019

Your Mobile Device is a Security Risk! Discover Simple, Surprising Fixes.

At least 80 percent of Americans use smartphones and/or tablets, creating a digital frontier that is rife with cybercriminal activity. Worse, healthcare workers are subject to special risks of HIPAA violation if they use their devices to store or transmit protected health information of patients or access their hospitals’ networks, EHRs, and other computer systems. Cybercriminals now target mobile devices almost as much as desktops… iOS, Android, it doesn’t matter… and too many users do not use preventative measures that they take for granted with their desktops. In this post, we discuss the security risks of mobile device usage and offer a simple, informative new downloadable infographic learning tool suitable for printing and posting in your workplace.


01.16.2019

Record Numbers of Phishing Attacks Are Succeeding. Stop Being Such Tasty Bait.

Phishing attacks, at an all-time high in 2018, continue to pelt healthcare organizations, gaining access to invaluable patient data and personal information of staff members. Social Security numbers, credit card and bank data, logins, driver’s licenses, medical histories, and even digital signatures are grabbed and used to make illegal purchases or otherwise commit fraud. Mobile devices have morphed into profitable new opportunities for criminals executing phishing attacks, as identifying and blocking mobile-based phishing attacks is especially difficult for both individuals and employers’ current security technologies. These exploits create entry-ways into entire hospital computer networks and wreak broadscale havoc. Phishing accounts for nearly 40% of hospital security breaches (HIMSS), and end-users are the number one enablers when they are negligent or so hoodwinked by criminal “social engineers” that they break proper security procedures.

Regular education of all end-users is a must today for all healthcare organizations and their business associates. Frequent reminders help keep the ball rolling. As a small contribution to the cause, we’ve developed a free infographic poster with key tips on avoiding common phishing ruses. Print it (scalable up to 18 X 24), and post it!


09.20.2018

Managing the HIPAA Risks of Outsourcing to Business Associates

Today, most hospitals count on external outsourcing services for a myriad of essential functions like revenue cycle management, health information management, IT support, data storage and security, housekeeping, and many other clinical and non-clinical functions. Many of these partners are business associates under HIPAA — and therein lie major potential security risks for hospitals. Relationships with diligent, qualified business associates have proven to be a boon to hospitals’ service quality and cost efficiencies. But data security and privacy breaches either caused by business associates or enabled by their deficiencies have exploded in recent years. Every hospital and healthcare organization must protect itself through a well-defined and enforced business associate management program. Here’s what you need to know — plus a great infographic to summarize this critical issue.


08.22.2018

Healthcare Phishing Attacks Are Succeeding. Let’s Stop Being Such Tasty Bait.

Phishing attacks continue to pelt healthcare organizations, successfully gaining access to invaluable patient data and personal information of staff members. This information — Social Security numbers, credit card and bank data, logins, driver’s licenses, medical histories, and even digital signatures — is typically used to make illegal purchases or otherwise commit fraud. These exploits also create entry-ways into entire hospital computer networks and wreak broadscale havoc. Phishing accounts for nearly 40% of hospital security breaches (HIMSS), and end-users are the number one enablers when they are negligent or so hoodwinked by criminal “social engineers” that they break proper security procedures.

Regular education of all end-users is a must today for all healthcare organizations and their business associates. Frequent reminders help keep the ball rolling. As a small contribution to the cause, we’ve developed a free infographic poster with key tips on avoiding common phishing ruses. Print it (scalable up to 18 X 24), and post it!


08.7.2018

Cybercrime 2018: Most Hospitals’ IT Security Is Still Not Enough

Have you noticed? We haven’t read shocking news of record-breaking security breaches, in fact not since 2015-2016. Remember Bon Secours Health System where the information of 655,000 patients was compromised via the internet? Or the breach at 21st Century Oncology Holdings that hit more than two million patients across 181 cancer treatment centers? A cyber attack on Banner Health affected 3.6 million people, and NewKirk Products, a business associate, was hacked to the tune of 3.5 million affected individuals. According to HHS’ Wall of Shame, over 113 million people were hit in 2015 by breaches of their personal data, and in 2016 more than 27 million patient records were impacted. But, in the whole of 2017 “only” about 4.7 million people were victimized, a four-year low. This may seem like good news, but before we get too comfortable with our seemingly safer data security today, here’s the story behind the story — and it isn’t pretty.


05.30.2018

New Infographic: Risks of HIPAA Business Associate Relationships

Last week, we published a blog post about the importance of hospitals’ establishing and monitoring Business Associate Agreements with contractors who touch protected health information (PHI). Most hospitals and other HIPAA-covered entities, e.g. payors, physician practices and pharmacies, outsource a myriad of services for better, cost-effective operational results. Many of these services “touch” PHI, e.g. transcription services, revenue cycle managers, IT support and many other clinical and non-clinical functions. They are deemed HIPAA business associates (BAs) as of the 2013 Omnibus HIPAA Rule, and are accountable (think fines and even prison time) for PHI breaches. Many hospitals and their contractors still don’t know this or just aren’t on top of this issue. Read on for our newest infographic that simplifies the risks of HIPAA business associate relationships.


05.24.2018

Essentials in Managing the HIPAA Risks of Outsourcing

Almost all hospitals outsource a myriad of services for better and more cost-effective operational results. These services extend well beyond the traditional transcription, data entry, housekeeping and food services of yesteryear. Today, outsourcing services are used for health information management, revenue cycle management, clinical research, IT support, data storage and security, and many other clinical and non-clinical functions. While outsourcing can be a huge boon to efficiencies and quality, it also may bring serious HIPAA-related risks if the vendor qualifies as a business associate (BA) under the law.

Which vendors qualify as business associates? What are the HIPAA risks of depending on these outsiders? Data security and privacy breaches by business associates have exploded in recent years, but diligent management by your hospital via proper procedures will minimize its risks. Here’s what you need to know.


03.27.2018

Infographic Poster: Top 8 Rules for Secure Texting in Healthcare

Texting among healthcare team members has become a valuable communications tool that creates efficiencies and improves patient safety. Some organizations also use opt-in texting programs to send reminders to patients. But strict rules must be followed to meet HIPAA privacy and security regulations and prevent cybercriminal activity. Providers must implement policies to ensure the security and integrity of their texting systems, platforms and content. We have developed an infographic (downloadable as a poster) that will serve as a great reminder to your staff that secure texting in healthcare is essential, and to FOLLOW THE RULES.


02.27.2018

Texting in Healthcare is Here to Stay: But Know the Rules!

The December 28, 2017 announcement of CMS’ new and apparently final stance on clinicians’ texting patient information probably sailed under your radar. CMS clarified what previously had been a confusing message, and now has specified that it is permissible for clinicians to communicate PHI, but only across a secure platform. However, significant caveats were noted. Every clinician across all healthcare provider organizations must be educated, preferably through IT leadership, on CMS’ clarified policy on texting in healthcare as soon as possible — not just to adhere to federal rules, but to prevent compromise of texting usage by cybercriminal activity.
