CommonSpirit’s Ransomware Incident Taking Toll on Patients

Also: Why Some Facilities Are Affected While Others Are Not … “The reliance on the electronic medical record continues to grow and that is to be expected,” says Susan Lucci, senior privacy and security consultant at tw-Security. Information like allergies, recent diagnoses, and current medications can influence patient care decision-making, she says. “This is another […]

Read More

Feds Warn Healthcare Over Cobalt Strike Infections

Red-Teaming Tool Poses Ongoing Risks When Used by Hackers, HHS Warns … Detection should lead to quick action, says Keith Fricke, principal consultant at privacy and security consultancy tw-Security. Cobalt Strike and other red-teaming tools are ”’legitimate’ in the sense that they can be used by red teamers, but are offensive security tools,” he says. […]

Read More

VA Center’s IT Legacy Flaws Common at Other Health Entities

OIG Security Audit of Texas VA Facility Found Familiar Problems … There are other reasons why many healthcare entities continue to keep legacy IT systems and equipment running long after they are no longer supported by vendors, says senior privacy and security consultant Susan Lucci of tw-Security. Risks associated with obsolescence are “not generally top of mind, […]

Read More

Texas Hospital Still Struggling Through Ransomware Attack

Attackers Demand ‘Tens of Millions Dollars’ as Entity Is ‘Walled Off From World’ …”Phone systems typically have back-end server infrastructure that can be susceptible to ransomware attack. Incident response plans must call out contingencies for communication system failures such as voice and email systems,” says Keith Fricke, principle consultant at privacy and security consultancy tw-Security. Organizations typically […]

Read More

Law Firm Says Year-Old Hack Affected PHI of 255,000 People

Besides a Lag in Reporting, Some of the Compromised Data Was a Decade-Old … Keith Fricke, principal consultant at privacy and security consultancy tw-Security, offers a similar assessment. “What is concerning about the incident is the amount of PHI involved, Fricke says “It makes you take pause and ask how many other law firms store, […]

Read More

Report: Organ Transplant Data Security Needs Strengthening

United Network of Organ Sharing Security and IT Management Under Scrutiny …”In many healthcare organizations, the IT department is overhead, meaning IT is necessary for the business operations, but it is not the main mission of the organization. Therefore, IT tends to be underfunded and understaffed,” says Tom Walsh, president of consultancy tw-Security. “Information security […]

Read More

Latest US Health Data Breaches Follow Worrisome Trends

Federal Tally Underscores Biggest Hacking Threats, Risks From Vendors … Regulatory attention on the steady rise of business associate breaches appears to demonstrate that vendors are under closer scrutiny, says Susan Lucci, senior privacy and security consultant at consulting firm tw-Security. This is sending an important message to vendors, she says. “As a result of […]

Read More

More Major Hacking Incidents Added to HHS Breach Tally

Latest Analysis of Federal Health Data Breach Reporting Site … Keith Fricke, principal consultant at privacy and security consulting firm tw-Security, offers a similar assessment. “Incident response and forensic investigation takes time, especially when the victim organization is large and has voluminous data and logs to review to determine scope of a breach,” he says. […]

Read More