The cyberwar against health care practices
While physicians worked to deal with COVID-19, hackers kept busy, too. From January through October of last year, there were 730 publicly disclosed security breaches with more than 22 billion records exposed, according to the cybersecurity firm Tenable. Health care made up 25% of those breaches with nearly 8 million records exposed.
Ransomware was by far the most popular attack method in 2020, making up 46% of the breaches. Ransomware is a malware that encrypts and locks your data making it inaccessible unless a ransom fee is paid to get it back. Success in extorting ransom payouts has made ransomware the top cybersecurity threat in the near future. The University Hospital in New Jersey paid out $670,000 only to encourage further attacks. And while larger institutions can pay those ransoms, that does not mean they overlook smaller practices, which can be tempting targets of opportunity — particularly those with lax security. The dark web are run by these threat groups, and data from doctors’ offices show patient information, including photographs, health history forms and other private details. Avoid HIPAA Penalties and Fines resulting from:
- Compromised communications due to phished or compromised email accounts
- Inability to access medical data due to ransomware (i.e., where hackers encrypt files and demand money to restore access)
- Unauthorized disclosure of PHI – Resulting in Breach and Notification to the OCR
- Loss of public and patient trust – reputational damage
- Malpractice allegations and lawsuits
- HIPAA Regulatory Compliance Penalties and Fines
How Can Cybernon Help? New threats to defend against..
Ransomware may constitute the biggest threat to most practices, but it is far from the only one. As regulators require more patient access to data, payers interchange more data with providers, and services like telehealth grow in popularity, increases in the number of connected devices will make practices more vulnerable to hackers.
Experts say that the pandemic has created many new threats to a practice because people are working from home. Hackers may use COVID-19 information as the lure for office staffers to click on links that install malware. Emails are made to look like they are from health departments offering the latest on vaccine distribution or other vital information. In other cases, hackers exploit a weak point of the worker’s computer.
Why smaller medical practices need cybersecurity
Hackers are opportunists and will often target the practice or facility with the lowest level of security. Instead of trying to spend weeks or months trying to get into a hospital, they can target smaller medical practices with weak cybersecurity in a couple hours. It adds up too, if a hacker hits multiple smaller practices they can walk away with more money instead of trying to extort a large healthcare organization that will bring in the law enforcement and government agencies.
HIPAA and Breach Notification Requirements
Data security laws can vary with location. Cybernon assists your firm to understand the legal responsibilities in the event of a breach.
- HIPAA Safeguards Principle: Individually identifiable health information should be
protected with reasonable administrative, technical, and physical safeguards to ensure its
confidentiality, integrity, and availability and to prevent unauthorized or inappropriate access,
use, or disclosure.
- Breach Notification Requirements: Following a breach of unsecured protected health information, covered entities must provide notification of the breach to affected individuals, the Secretary, and, in certain circumstances, to the media. In addition, business associates must notify covered entities if a breach occurs at or by the business associate.
View Breaches Affecting 500 or More Individuals
Breaches of Unsecured Protected Health Information affecting 500 or more individuals. View a list of these breaches.
Don’t be Next! Save yourself the headache. Contact us today to ensure your medical office is safe.
Get a 30 Day Free Trial of Cybernon’s Services.
Post Tags : Medical