HHS Information Security Program Still ‘Not Effective’

Audit Again Cites Contingency Planning Weaknesses … Tom Walsh, founder of consulting firm tw-Security, says “resiliency equals survival.” He adds: “There is a long history of businesses that no longer exist because of inadequate contingency planning – or worse, those who mistakenly thought, ‘it won’t happen to me,’ and did not even take basic precautions […]

Vendor Breach Involved PHI Exposure on GitHub

Several Healthcare Entities Issue Notices to Patients About Incident … “Security needs to be assessed from different angles,” notes Tom Walsh, founder of consulting firm tw-Security. “Most often, the focus is on the front-end security controls of an application that control access to databases. Hackers will often attack the backend – databases.” “Therefore, security needs […]

A Tale of Breach Notification Blunders

Health System Addresses Some Victims as ‘Deceased’ … “Responding to patients about a data breach is a huge responsibility, and organizations must take additional precautions to ensure that it is handled properly to avoid further mistakes,” says Susan Lucci, senior privacy and security consultant at tw-Security. “Without proper oversight and testing of the planned response process, […]

Hacking Incidents, Vendor Breaches Keep Surging

Analysis of Health Data Breach Trends So Far in 2021 … “Behavioral health encounters carry the most private thoughts and concerns of an individual,” says Susan Lucci, senior privacy and security consultant at consulting firm tw-Security. “If this trust is broken due to a security incident, the individual seeking guidance may not continue with the provider. HIPAA and […]

More Health Data Breaches Tied to Vendor Incidents

Hacker Attacks Against Accellion, Other Vendors Expose Patient Data … Keith Fricke, a principal consultant at tw-Security, suggests that healthcare organizations diligently assess the risks posed by vendors providing remotely hosted services or products. “Organizations should have policies and contractual language addressing vendors accessing, storing, processing or transmitting sensitive information to or from overseas locations,” […]

OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks

Report on Canceled VA Project Offers Governance Lessons for Others … “For a project of this nature, there needs to be a data governance committee in place that consists of interdepartmental, multidisciplinary membership beyond only IT and privacy,” says Keith Fricke, principal consultant at tw-Security. A big data initiative may also need to be reviewed […]

Latest Ransomware Trends: Lessons to Learn

Learning From Difficult Recoveries and Advice in Government Alerts … Clearly, there are no guarantees that all data will be recoverable after a ransomware attack, says Keith Fricke, principal consultant at tw-Security. “Confidence is usually high that backed-up data can be fully restored as long as ransomware-encrypted files have not become part of the backup, […]

Health Data Breaches in 2020: Ransomware Incidents Dominate

Blackbaud, Magellan Health Incidents Trigger Numerous Breach Notifications … “Ransomware continues to be a lucrative business for criminals,” says Keith Fricke, principal consultant at tw-Security. “Until targeted organizations implement security controls that effectively hamper the overall earnings of ransomware attacks, the criminals will continue using ransomware as a revenue generator.” … Phishing scams remain a […]