Stay ahead of developments in federal and state health care law, regulation and transactions with timely, expert news and analysis.
By Alex Ruoff
Health care organizations are becoming a prime target for “cybercriminals” seeking to steal identities or damage information systems, cybersecurity experts said April 22 during the Health Care Compliance Association's Annual Compliance Institute.
Health care organizations--ranging from provider networks to hospitals and insurers--are increasingly being targeted by hackers seeking patients' personal information, David Childers, chief executive officer for the Portland, Ore.,-based software management company Compli, said. And, more than half of all health care organizations surveyed have suffered some kind of breach of data, he said.
“Health care is at risk for deliberate targeting” by cybercriminals seeking personal information as well as “hacktivists,” groups or individuals who use computer networks to promote political or personal ideologies, Childers said.
Health care organizations should be vigilant about identifying deliberate attempts to access their databases of electronic health information as they can damage business relationships and patient trust, he said.
Childers and Vivek Kirshnamurthy, an associate with the Washington, D.C.-based IT consulting firm Foley Hoag, advised health care organizations to educate all their employees on basic IT security and common schemes designed to breach IT security.
Childers said one of the common causes of data breaches--when patient information is potentially exposed to unauthorized use or access--are related to human error; typically lost devices or phishing schemes, where malicious software is downloaded into a network.
“You've got to become cyber vigilant and get your people prepared to understand what might be coming your way,” he said.
Kirshnamurthy said health care organizations need to develop and implement “cyber incident response protocols and procedures,” designed to keep employees abreast of the changing landscape of IT security.
He said organizations should conduct mock drills of breaches and hacks to ensure the effectiveness of these procedures.
The Health Insurance Portability and Accountability Act (HIPAA) requires health care organizations to protect against “reasonably anticipated threats,” Childers said. Examples of emerging threats health care organizations should anticipate are:
• operating system flaws;
• flaws in electronic health record security, such as weak passwords or outdated algorithms;
• data leaks from patient information applications; and
• cloud-based IT storage systems failures.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)