Sep 1, 2017 10:00:00 AM
May 19, 2017 11:00:00 AM
Last week, the WannaCry ransomware attack hit over 150 countries and infected tens of thousands of systems worldwide. Among those victimized were England’s National Health Service, automobile manufacturers, and government systems. The worm’s ominous red ransom screen, informing the user that all files have been encrypted, was found not only on users’ desktops, but also on ATM screens, parking meters, digital billboards, and industrial control systems.
Jan 27, 2017 9:00:00 AM
We’re gearing up for what’s in store in the healthcare arena in 2017 by attending HFMA’s Mid-South Institute. Attendees from Missouri, Arkansas, Mississippi, and Tennessee have gathered to learn of updates in healthcare and how to brace for the year ahead. Here are a couple of themes that were reinforced during the conference:
Oct 7, 2016 9:30:00 AM
One of my favorite parts of the opening sessions of AHLA’s Fraud and Compliance Conference is Ms. Carder-Thompson’s “Year in Review.” She manages to hit the high points of virtually everything that happens during the year. I pay particularly close attention to her topics on healthcare data security and HIPAA.
Oct 6, 2016 11:00:00 AM
This commentary originally appeared September 20 on the HORNE Cyber Blog.
A breach of a healthcare provider can have a serious impact, both in terms of financial loss and patient confidence. HIPAA violations can involve fines of up to $50,000 per patient record, and in many cases, attackers are able to access all of a provider’s patient records.
Aug 4, 2016 11:29:38 AM
Last week, I wrote a blog about the serious problems we face from “ransomware” – the malicious software criminals can use to hold your data hostage. I provided some best practices to make it more difficult for someone to use your data in an extortion scheme, but I saved the most effective strategy for this week’s blog. It is: educate your employees.
Jun 28, 2016 10:00:00 AM
One of our favorite sessions at the AHLA Annual Meeting is the Year-in-Review by Jack Schroeder and Elizabeth Carder-Thompson. It is a great way to get caught up on a year’s worth of activity in health law in 120 minutes. Out of the volumes of information Jack and Elizabeth read to summarize for conference attendees, we found 10 pieces of information that were particularly interesting for our practice in these days of constant and rapid change. We felt these would be worth sharing:
Apr 22, 2016 10:00:00 AM
Cybersecurity is one of the biggest risks to healthcare organizations – regardless of size. Last year, some of the largest healthcare providers fell victim to data breaches – affecting over 112 million records, which is almost 35% of the U.S. population. This year, many healthcare organizations have had their data held hostage by ransomware attacks, disrupting operations and in some cases requiring payments to regain system access.
Feb 4, 2016 11:00:00 AM
I published a blog last month about the need to increase security for imaging devices in hospitals. The devices I discussed store both personal and medical information about patients and should be subject to standard security measures. Very often, they are not.
Last week, the Food and Drug Administration issued proposed guidelines for postmarket management of cybersecurity in medical devices. The guidelines provide best practices for assessing and managing cybersecurity vulnerabilities in medical devices and include situations involving both hacker access to patient records and hacker access to the devices themselves. Although it’s very uncomfortable to think of a hacker’s ability to access our private information, it is even more distressing to consider a hacker’s ability to increase or decrease IV drips, alter pacemaker functions or to change settings on an imaging device.
Jan 14, 2016 10:00:00 AM
Recently, the Department of Health and Human Services Office of Civil Rights released a settlement agreement with Lahey Medical Center in Burlington, Mass. The hospital agreed to pay $850,000 to settle potential HIPAA violations.
The event that triggered the settlement started when a laptop was stolen from a radiology treatment room in the overnight hours of August 11, 2011. The laptop was being used both to operate a CT scanner and to access stored digital images. The laptop contained unencrypted information about approximately 599 patients, and its theft resulted in a breach of that patient information.
Nov 12, 2015 11:00:00 AM
Your employees are your greatest asset – and your greatest cybersecurity risk. That statement may sound harsh, but hackers often prey on unwary employees because employees can provide easy access to otherwise secure systems.
Remember the Anthem breach earlier this year? Hackers gained access to nearly 80 million consumer records containing personal data, at least in part, by using stolen employee credentials such as user IDs and passwords. It’s likely that Anthem employees unknowingly handed over their credentials online or inadvertently allowed hackers to insert malware into company systems.
Oct 22, 2015 10:00:00 AM
Has your organization secured all its electronic healthcare records? If not, don’t wait to put the proper policies and procedures in place.
If you’ve already secured your EHR, then make sure that you’re ready for an audit by the Office of Civil Rights.
I wrote in my last blog that the OCR is being more aggressive in ensuring that the HIPAA regulations governing EHR security are being enforced. The OCR’s plan includes conducting audits of both healthcare organizations and their business associates, starting next year.
Oct 8, 2015 11:00:00 AM
If I had to guess, I’d say you are reading this on your iPhone, iPad, Galaxy or some other mobile device. I’m not clairvoyant; research shows more than half of all emails are opened on mobile devices. It’s likely that if you use tablets or smart phones, you use them in almost every facet of your life from communicating with your friends, family members and work associates to helping with homework, paying bills and working from home. Fortunately, the security built into the systems is generally adequate for most of your personal needs.