Security News Focus: Healthcare Faces Wave of Converged Security Challenges

Healthcare Remains a Major Target of Cyber Attacks with Potential Physical Security Ramifications

Converged Security Solutions presents a specialized news round-up focusing on recent converged security and cybersecurity news affecting the healthcare industry. Healthcare is one of the top sectors that is affected by converged security threats, with cyber breaches potentially affecting the proper operation of medical devices, chart data, and patients' personal lives. Healthcare leaders tasked with operational security can review our services to learn more about processes and tools protecting against both cyber and physical threats.

Increase in Ransomware Attacks, Healthcare Industry is the Main Target

As reported by HIPAA Journal, healthcare is the biggest target for the recent increase in ransomware attacks, with 37 percent of such attacks aimed at the industry. September reportedly had twice as many ransomware attacks as August. HIPAA Journal notes that the most sought after data comes from larger healthcare organizations, as they typically have more resources to pay extremely high ransoms in the event of a breach. However, small to medium sized organizations in healthcare are also major targets for hackers due to the easiness of the hack itself as they have less security resources.

White Paper: Physicians and Hospital Administrators See Shared Need for Incident Response Plans

A new white paper from Abbott and the Chertoff Group presents a study determining that the majority of physicians and hospital administrators feel less than adequately prepared when it comes to cybersecurity. The study of 100 hospital administrators and 300 physicians found that many in the industry view cybersecurity as a "priority" and a "shared responsibility," particularly when it comes to potential vulnerabilities from connected medical devices. The white paper examines three critical areas in need of focus: industry-wide standards, incident responses processes, and improved training. The white paper was presented at the US News & World Report Healthcare of Tomorrow conference in Washington, DC.

HHS Report States FDA Is Lacking in Medical Device Security

The US Department of Health and Human Services’ Office of the Inspector General released a recent report noting that the FDA is failing to put in enough effort towards protecting against medical device hacks. HHS claims that the FDA needs to conduct a more accurate assessment of the cybersecurity for medical devices as well as include cyberattacks in their emergency documents. HHS also suggested the FDA do exercises to prepare for cyber events among other recommendations. The FDA has immediately remedied nearly all of the highlighted issues, but disagrees with the idea that they have not sufficiently assessed the cybersecurity of medical devices.

Jones Eye Clinic Reports Data Breach

Jones Eye Clinic and its surgery center in Iowa has disclosed a data breach with an impact spanning 15 years, according to Info Risk Today. While the clinic was able to recover their systems on the day of the attack and avoid a ransom payment, this has historically not been the norm in healthcare  breaches. According to Info Risk, 40,000 patients have potentially been affected and have been notified of the incident. Among the information revealed were social security numbers, insurance statuses, and claims information of some of the clinic and surgery center’s patients that registered or had a service during the January 1st, 2003 to August 23rd, 2018 time frame.

Alabama Hospital Hit With Breach, Exposing Applicant Data

Huntsville Hospital, located in Alabama, discovered a breach of a third party recruiting company used by the hospital, according to SC Magazine. Jobscience, the vendor who provides the online application for the recruiting company, was the target of the breach. As a result, potentially thousands of Huntsville Hospital job applicants had their information exposed. This personal information may include Social Security Numbers, in which case victims will be provided identity theft protection, SC Magazine reports.

Healthcare.gov Breach Included Social Security Numbers

An update on the recent Healthcare.gov breach was released by BankInfoSecurity, noting that the total so far of exposed victims is 75,000. There was evidence of inappropriate access to the data including personal information such as the last four digits of social security numbers, genders, birth dates, names, and addresses. In addition to this information, details regarding family relationships, taxes, income, information from other federal agencies, results of healthcare applications, and insurance plan details including cost were exposed, BankInfoSecurity notes. Participants who had data exposed in the breach will receive free identity theft protection offered by HHS.

Are you a healthcare provider tasked with improving the security situation of your facility and your patients? Visit our services page to learn more about the CSS suite of services, including managed security services and end-to-end cyber-and-physical protection.

Converged Security Solutions has experts specializing in cyber defense, risk quantification, and physical security services. We offer services as an end-to-end solution or focused on specific threats as needed, to organizations and corporations of all sizes. To start a conversation and learn more about our services, contact us and visit our services page.