Focus on Securing Healthcare

Securing the health environment: Evolving cyberthreats demand shifts in strategy

Barely a day goes by without news of a new malware variant, zero day threat or medical device vulnerability. Hospitals and health systems have come to understand in recent years – with many learning the hard way – that their mission-critical IT systems are facing a relentless and determined threat from innumerable cybersecurity bad actors.

To survive in this fraught new era, healthcare organizations need agile, adaptable and forward-thinking strategies to safeguard their most important asset: data. In August, Healthcare IT News, along with our sister sites, MobiHealthNews and Healthcare Finance, will focus on the many ways the industry is succeeding – and the places it's falling short – when it comes to the all-important task of enterprise-wide security.

What you need to know

News

How to solve the 'Goldilocks' dilemma of health data sharing?

by Mike Miliard

Healthcare information is being more widely shared than ever, but how can that be balanced with the need for robust privacy protections? At Health 2.0, two experts will frame the issue.

News

Confusing laws, bad actors among the challenges facing healthcare data safety and patient privacy

by Jeff Lagasse

The legal and technological picture surrounding data is a muddy one, and the healthcare industry is scrambling to keep up.

News

Biohacking connected devices: What IT leaders need to know about the ‘Internet of Humans’

by Bill Siwicki

A cybersecurity expert offers a comprehensive and in-depth look into an emerging area of healthcare security, and offers tips for healthcare execs on what they can do and where they can look for answers.

News

Imprivata, Vocera collaborate on mobile device authentication

by Mike Miliard

The companies are combining Imprivata's Mobile Device Access technology with the Vocera Collaboration Suite, which can offer faster and more authentication across workstations, virtual desktops and mobile devices.

News

Presbyterian Healthcare phishing scam hits 183K patient records

by Nathan Eddy

Data accessed during the breach may have included patient and health plan member names as well as dates of birth, Social Security numbers and some clinical information.

Insight

Opinion: What leaders know about cybersecurity

by Rod Piechowski

Leaders know that the IT department alone cannot secure an organisation, and that the easiest path to breach the best technical defenses is through their people, writes Rod Piechowski, VP of thought advisory for HIMSS.

News

CISO security tips for managing hybrid cloud deployments

by Mike Miliard

The complexities of securing a hybrid cloud environment are not to be underestimated as more health systems contend with vendor implementations of all shapes and sizes. One prominent CISO offers tips and best practices.

News

Hospitals are demanding secure medical devices before they buy

by Susan Morse

The IoT: "Every something that comes on the market is in essence its own small computer with an ability to find its way into something."

News

Hospitals need to know: When disaster strikes, FEMA money is available to those that file quickly

by Susan Morse

Hospitals often don't file for the funds because they're unaware of what can be reimbursed and there is only a 30-day window to apply.

News

Cybersecurity: The enemy is already inside the gate

by Susan Morse

A number one recommendation is to know all of the touch points for data: how it comes in, how it's used, where it's stored and how it goes out.

News

Close to one-third of healthcare employees have never received cybersecurity training, report shows

by Jeff Lagasse

There is an apparent lack of awareness of federal regulations in both the U.S. and Canada to keep patient information secure.

News

Healthcare organizations must lock down identities and access to PHI

by Bill Siwicki

An identity and access management expert illustrates this critical area of information security and offers tips on how to best control who is accessing protected health information.

Insight

Ransomware and medical devices: How behavior analytics can protect patients

by William Scandrett

Medical devices must be managed from a security perspective, but also from an operational perspective. Using analytics to establish behavior baselines helps support risk assessments, find malfunctions and enhance staff productivity.

News

Critical security tips for provider CIOs using public clouds

by Bill Siwicki

Two healthcare CIOs and one deputy CISO offer their expert advice to their peers, explaining how to ensure security is wrapped up tight when working with public clouds.

News

Intraprise Health BluePrint Protect can help detect, manage security risks

by Nathan Eddy

BluePrint's visualization software coalesces security program data from disparate sources into a central "source of truth" founded on the company's workflow automation and rules engine.

News

How healthcare CIOs and CISOs can handle identity and access management

by Bill Siwicki

An expert in the strategies and technologies surrounding identity and access management walks through today’s challenges and discusses how provider organizations can best secure this key area.

News

Healthcare cybersecurity market poised for growth

by Jeff Lagasse

The rapid adoption of digital technologies is considered beneficial to providers, but it can lead to cybersecurity gaps.

News

Imprivata, Microsoft unveil new cloud identity and access management tool

by Mike Miliard

Imprivata Identity Governance extends Microsoft’s IAM technology with role-based access controls, streamlined auditing processes and more.

News

Medical devices pose cybersecurity and patient threat

by Susan Morse

Security breaches can happen outside of the four walls of a hospital.

News

How to find and keep top cybersecurity professionals

by Mike Miliard

The Healthcare and Public Health Sector Coordinating Council has developed a guide to building a robust cybersecurity workforce, offering four suggestions for developing skills.

News

How provider organizations can protect against credential stuffing and data scraping

by Bill Siwicki

With protected health information such a juicy target for cybercriminals, both data theft techniques are on the rise in healthcare.

News

EHNAC launches new advisory business for privacy & security compliance

by Mike Miliard

The new service from the standards development group will help healthcare clients optimize risk assessments, spot and fix compliance gaps, and manage third-party assurance needs, the standards group says.

News

California earthquakes highlight need to make evacuation decisions quickly

by Susan Morse

Ridgecrest Regional spent $72 million on a building that withstood an earthquake, but broken water pipes forced an evacuation anyway.

 
News

As new cyber risks emerge, strategies evolving – but basic principles still apply

by Mike Miliard

BlueKeep? Dridex? A state of emergency in Louisiana? Healthcare security pros find themselves living in interesting times. But with new threats emerging each day – and old ones, like phishing, not going away – some tried and true lessons are still useful.

News

Healthcare's number one financial issue is cybersecurity

by Susan Morse

The cost of a healthcare breach is about $408 per patient record and that doesn't include the loss of business, productivity and reputation.

News

FTC's $5 billion penalty for Facebook security lapses includes new health privacy restrictions

by Jeff Lagasse

The fine is the largest ever imposed on any company for violating consumers' privacy, according to the FTC.

News

Hospitals are paying for not vetting their vendors

by Benjamin Harris

More than half of hospitals say they've had one or more data breaches caused by third-party vendors in the past two years, with an average cost of $2.9 million per incident – but too many are still failing to do adequate risk assessments.

News

Security concerns, budget restrictions hamper move to cloud

by Nathan Eddy

Even as the number of organizations ready to adopt a cloud-based approach is rising, nearly a fifth of healthcare orgs surveyed said they'd consider moving their data from the cloud back on premises.

News

Security, control of data seen as key barriers to cloud adoption by pharma

by Nathan Eddy

There's continued resistance from many pharmaceutical industry executives, who think it's never possible to safely store sensitive data in the cloud.

News

Further investment needed to defend NHS against growing cyber threats, researchers warn

by Leontina Postelnicu

A team from the Institute of Global Health Innovation at Imperial College London published a paper on NHS cybersecurity this week.

News

Large health systems better prepared on security, says CHIME Report

by Nathan Eddy

While most orgs surveyed said they have network access solutions to monitor devices connected to the network, fewer than half of small providers use network segmentation to control the spread of infections.

News

IT leaders are overconfident in their data privacy management, says report

by Nathan Eddy

Even as they often rely on outmoded data management processes, 70% of execs and IT leaders say they're 'very' or 'extremely' confident of their infosec strategies.

News

Healthcare executives lack action plan to combat cybersecurity threats

by Nathan Eddy

The C-suite recognizes these threats, but 54% of respondents to a new survey said the biggest barrier to meeting privacy and security challenges was lack of adequate resources.

News

CISOs report cyberattacks on the rise in healthcare

by Nathan Eddy

According to a new study by Carbon Black, two thirds of surveyed healthcare organizations said cyberattacks have become more sophisticated over the past year.

News

As cybersecurity threats change, so must hospitals

by Benjamin Harris

A new assessment of cybersecurity threats highlights consumers’ growing role and predicts things will get worse before they get better.

News

IoT risk assessment means all hands on deck

by Benjamin Harris

The wide array of connected devices means "lot of different stakeholders that need to coordinate," on both the clinical and IT side. That requires "process and due diligence."

News

Health data security exposures doubled in one year

by Nathan Eddy

Research from Digital Shadows found imaging files particularly vulnerable.

News

Key first steps for securing unruly connected devices

by Benjamin Harris

You can't secure a network that you don't understand. Mapping hospital IoT is a must-do process for the creation of an effective defense strategy, experts say.

News

Cybersecurity is a team sport, and information sharing is key

by Benjamin Harris

Healthcare systems need to collaborate on defense and rely on AI and machine learning to respond to new threats, study finds.

News

Intermountain CISO West: Cybersecurity for revenue cycle should be a KPI

by Beth Jones Sanborn

The revenue cycle is an important target for cybercriminals because of the information that flows through it.

News

CMS responds to data breach affecting 75,000 in federal ACA portal

by Susan Morse

Open enrollment, which begins November 1, will not be negatively impacted, CMS says.

News

Secure patient data without a CISO

by Susan Morse

Hospitals and medical groups with limited security resources still have leadership options in managed care providers and virtual CISOs.

News

Anthem pays $16 million in record HIPAA settlement for data breach

by Susan Morse

Anthem is being held responsible for cyber attacks that stole the protected health information of close to 79 million people.

News

Aetna to pay $640,000 civil fine, on top of $17 million, to settle envelope breach

by Susan Morse

The settlement with New Jersey resolves two separate privacy breaches regarding members HIV/AIDS status and those with AFib.

News

Hurricane Florence: Lessons from hospitals that survived recent natural disasters

by Beth Jones Sanborn

Here are some of the things hospitals should be working to put in place and resources available during storm season.

News

Do your CEO and CFO underinvest in cybersecurity? Here's why and what to do about it

by Beth Jones Sanborn

Executives and board members aren't cybersecurity experts so putting it in terms they can digest is crucial -- and that takes "real-life resonance."