HIPAA violations caused by access issues have made news in recent weeks, as current or past employees have abused their access to EHR patient records to snoop on or steal protected health information (PHI). One rather disturbing example of such abuse was uncovered just this week at the Canton, Ohio-based Aultman Health Foundation. In this case, the PHI of roughly 7,300 patients was compromised, including Social Security numbers, health insurance info, home addresses, birthdates and treatment details.
Performing a regular Security Risk Assessment (SRA) will help an organization ensure it is compliant with HIPAA’s administrative, physical, and technical safeguards. A risk assessment also helps practices discover areas where protected health information (PHI) could be at risk. To learn more about the assessment process and how it can benefit your organization, we recommend visiting the Office for Civil Rights' official guidance.
Here we are. Talking about ransomware. Again. And the truth is, whether we are tired of talking about it or not, the current ransomware situation (especially for those in healthcare) is only getting worse as this year goes on. Simply put—things are bad. How bad? Well… bad enough for the FBI director to compare the current nationwide surge in ransomware attacks in the U.S. to the September 11th attacks of 2001. You have to admit, that’s a pretty extreme comparison. However, it’s not too far off. As we’ve seen already with the recent Colonial Pipeline attack, ransomware has the potential to bring parts of our country’s infrastructure to a grinding halt and disrupt commerce, similar to the results of a physical terrorist attack.
Fraud is one of those topics that no one really enjoys talking about. It can be uncomfortable to think that someone in your practice, even someone you are close to and believe you have a strong relationship with, would steal from you. But it happens. And you need to be aware of it because fraud and theft are far more common in healthcare practices than you might expect.
We’ve had a lot of articles about ransomware on this blog over the years, and for good reason. For roughly a half decade, healthcare organizations have been (and will likely continue to be) irresistible targets for cybergangs looking to carry out ransomware attacks. Case in point, just look at the recent May 1st attack on Scripps Health, which has left their computer network and related applications down for nearly a month (as of the writing of this article, a large portion of their systems were still down).
The healthcare industry is predicted to experience an unprecedented level of cyberattacks in 2021. That’s a pretty crazy thing to claim, considering healthcare has already been one of the most heavily targeted industries for decades. However, while healthcare providers and staff have become savvier about how to avoid such tricks over the years, cybercriminals have changed tactics time and time again, finding new ways to compromise data. In response to these ongoing threats, research also predicts the healthcare sector will spend upwards of $125 billion on cybersecurity from 2020 to 2025.
We did it! We survived 2020! Hands down, 2020 was the toughest year (so far) of the twenty-first century. But we got through it. As we move into 2021, this is the time when many of us are making New Year’s resolutions. To help our readers commit to new initiatives for practice success in the coming year, this blog will suggest a number of useful New Year’s Resolutions for Specialty Practices.
In case you weren’t aware, October is National Cybersecurity Awareness Month. For those in the healthcare industry, unfortunately, cybersecurity awareness is something many are still lacking. According to a report from Herjavec Group, the healthcare industry is expected to spend $65 billion on cybersecurity from 2017 to 2021. All that money being spent, and yet healthcare remains one of the most frequently targeted and worst-performing sectors when it comes to cyberattacks and data breaches. Why is that? Well, it is likely because while so much of that money is being spent on technology (antivirus software, firewalls, etc.), not enough time and money are being invested in the training of people.