
Sep 1, 2017 10:00:00 AM

Are Your Medical Devices Secure?

If your hospital or clinic uses a Windows 7-based version of a Siemens PET/CT or SPECT system, it could be vulnerable to attack by a relatively low-skill hacker, according to a July 26 security advisory from the company.


Topics: Cybersecurity, Vulnerability Scans, Cyber Resilience, Medical Device Risks

May 19, 2017 11:00:00 AM

Lessons Learned From the WannaCry Ransomware Attack

Last week, the WannaCry ransomware attack hit over 150 countries and infected tens of thousands of systems worldwide. Among those victimized were England’s National Health Service, automobile manufacturers, and government systems. The worm’s ominous red ransom screen, informing the user that all files have been encrypted, was found not only on users’ desktops, but also on ATM screens, parking meters, digital billboards, and industrial control systems.


Topics: Cybersecurity, Ransomware, WannaCry

Jan 27, 2017 9:00:00 AM

HFMA Mid-South Institute 2017 Highlights

We’re gearing up for what’s in store in the healthcare arena in 2017 by attending HFMA’s Mid-South Institute. Attendees from Missouri, Arkansas, Mississippi, and Tennessee have gathered to learn of updates in healthcare and how to brace for the year ahead. Here are a couple of themes that were reinforced during the conference:


Topics: Healthcare, Electronic Health Records, Cybersecurity, HFMA

Oct 7, 2016 9:30:00 AM

Musings from the Road - Key Takeaways from AHLA’s Fraud and Compliance Conference

One of my favorite parts of the opening sessions of AHLA’s Fraud and Compliance Conference is Ms. Carder-Thompson’s “Year in Review.” She manages to hit the high points of virtually everything that happens during the year. I pay particularly close attention to her topics on healthcare data security and HIPAA.


Topics: Fraud, Cybersecurity, AHLA

Oct 6, 2016 11:00:00 AM

Hacking Healthcare: How to Offensively Protect Healthcare Systems

This commentary originally appeared September 20 on the HORNE Cyber Blog.

A breach of a healthcare provider can have a serious impact, both in terms of financial loss and patient confidence. HIPAA violations can involve fines of up to $50,000 per patient record, and in many cases, attackers are able to access all of a provider’s patient records.


Topics: Healthcare, Cybersecurity, Hacking

Aug 4, 2016 11:29:38 AM

#1 Strategy to Fight Ransomware Attacks – Educate Your Employees

Last week, I wrote a blog about the serious problems we face from “ransomware” – the malicious software criminals can use to hold your data hostage. I provided some best practices to make it more difficult for someone to use your data in an extortion scheme, but I saved the most effective strategy for this week’s blog. It is: educate your employees.


Topics: Training, Cybersecurity, Ransomware

Jun 28, 2016 10:00:00 AM

10 Takeaways from the AHLA Annual Meeting

One of our favorite sessions at the AHLA Annual Meeting is the Year-in-Review by Jack Schroeder and Elizabeth Carder-Thompson. It is a great way to get caught up on a year’s worth of activity in health law in 120 minutes. Out of the volumes of information Jack and Elizabeth read to summarize for conference attendees, we found 10 pieces of information that were particularly interesting for our practice in these days of constant and rapid change. We felt these would be worth sharing:


Topics: Healthcare, Mergers and Acquisitions, Cybersecurity

Apr 22, 2016 10:00:00 AM

What Healthcare Organizations Need to Know to Combat Cybercrime

Cybersecurity is one of the biggest risks to healthcare organizations – regardless of size. Last year, some of the largest healthcare providers fell victim to data breaches affecting over 112 million records, which is almost 35% of the U.S. population. This year, many healthcare organizations have had their data held hostage by ransomware attacks, disrupting operations and in some cases requiring payments to regain system access.


Topics: Healthcare, Electronic Health Records, Cybersecurity

Feb 4, 2016 11:00:00 AM

FDA Proposes Cybersecurity Guidelines for Medical Devices

I published a blog last month about the need to increase security for imaging devices in hospitals. The devices I discussed store both personal and medical information about patients and should be subject to standard security measures. Very often, they are not.

Last week, the Food and Drug Administration issued proposed guidelines for postmarket management of cybersecurity in medical devices. The guidelines provide best practices for assessing and managing cybersecurity vulnerabilities in medical devices and include situations involving both hacker access to patient records and hacker access to the devices themselves. Although it’s very uncomfortable to think of a hacker’s ability to access our private information, it is even more distressing to consider a hacker’s ability to increase or decrease IV drips, alter pacemaker functions or to change settings on an imaging device.


Topics: Cybersecurity, FDA

Jan 14, 2016 10:00:00 AM

Managing Privacy Risks in Radiology Departments

Recently, the Department of Health and Human Services Office of Civil Rights released a settlement agreement with Lahey Medical Center in Burlington, Mass. The hospital agreed to pay $850,000 to settle potential HIPAA violations.

The event that triggered the settlement started when a laptop was stolen from a radiology treatment room in the overnight hours of August 11, 2011. The laptop was being used both to operate a CT scanner and to access stored digital images. The laptop contained unencrypted information about approximately 599 patients, and its theft resulted in a breach of that patient information.


Topics: Healthcare Data, Patient Care, Cybersecurity

Nov 12, 2015 11:00:00 AM

Employee Training is Key to Online Data Security

Your employees are your greatest asset – and your greatest cybersecurity risk. That statement may sound harsh, but hackers often prey on unwary employees because employees can provide easy access to otherwise secure systems.

Remember the Anthem breach earlier this year? Hackers gained access to nearly 80 million consumer records containing personal data, at least in part, by using stolen employee credentials such as user IDs and passwords. It’s likely that Anthem employees unknowingly handed over their credentials online or inadvertently allowed hackers to insert malware into company systems. 


Topics: HIPAA, Training, Cybersecurity

Oct 22, 2015 10:00:00 AM

10 Tips to Prepare for Electronic Health Records Audits

Has your organization secured all its electronic healthcare records? If not, don’t wait to put the proper policies and procedures in place.

If you’ve already secured your EHR, then make sure that you’re ready for an audit by the Office of Civil Rights.

I wrote in my last blog that the OCR is being more aggressive in ensuring that the HIPAA regulations governing EHR security are being enforced. The OCR’s plan includes conducting audits of both healthcare organizations and their business associates, starting next year. 


Topics: Electronic Health Records, HIPAA, Cybersecurity

Oct 8, 2015 11:00:00 AM

Don't Forget Phone Security

If I had to guess, I’d say you are reading this on your iPhone, iPad, Galaxy or some other mobile device. I’m not clairvoyant; research shows more than half of all emails are opened on mobile devices. It’s likely that if you use tablets or smart phones, you use them in almost every facet of your life from communicating with your friends, family members and work associates to helping with homework, paying bills and working from home. Fortunately, the security built into the systems is generally adequate for most of your personal needs. 


Topics: Healthcare, Cybersecurity