A Tale of Two Hacker Incidents

Healthcare Organizations Facing More Cyberthreats … Keith Fricke, principal consultant at tw-Security, predicts: “The fourth quarter of 2020 will bring a spike in criminal phishing campaigns due to the holiday season, an election year and possibly more hurricane-related destruction prompting charitable agencies seeking donations.” … Healthcare organizations need to be well-prepared to prevent, detect and […]

Read More

Lifespan Health System Hit With $1 Million HIPAA Fine

Hefty Penalty After Theft of Unencrypted Laptop … “Additionally, sometimes the problem is that if the administrative console for managing device encryption cannot definitively prove that a lost or stolen device was encrypted, an organization in that situation has to assume the worst and declare a breach,” notes Keith Fricke, principal consultant at tw-Security. … […]

Read More

Health Data Breach Trends: A Mid-Year Assessment

Biggest Incidents Have a Wide Variety of Causes … Because some recent business associate breaches – such as the Magellan ransomware incident – have affected multiple healthcare organizations, “it’s clear how interconnected we are,” notes Susan Lucci, senior privacy and security consultant at tw-Security. “With multiple points of connectivity, it is likely that if one […]

Read More

A Tale of 2 Health Data Breaches: Persistent Challenges

Protecting Legacy Systems, Email Proves Difficult for Many … Keeping legacy information systems secure from ransomware attacks, as in the RDH breach, and other intrusions is an ongoing challenge, says Tom Walsh, president of consulting firm tw-Security. “Retired legacy systems normally have limited access and are no longer considered a critical application,” Walsh says. “Therefore, […]

Read More

Ransomware Attacks Hit 2 More Healthcare Organizations

Security Advisers Offer Risk Mitigation Tips … Healthcare organizations should take a number of critical steps to prevent falling victim to ransomware, says Tom Walsh, president of consulting firm tw-Security. “The most important step in prevention of ransomware is workforce awareness,” he says. “Because phishing emails are common and getting more sophisticated, employees could be easily […]

Read More

The Insider Threat – Lessons From 3 Incidents

How to Detect, Prevent Inappropriate Access by Authorized Users … For hospitals and clinics, trying to identify unauthorized access to patient information “is like looking for a needle in a haystack,” says Tom Walsh, president of the consultancy tw-Security. “That’s why an advanced audit tool – application/program – is needed. It acts like a large […]

Read More

Health Data Breach Update: What Are the Causes?

Phishing Still a Major Culprit, But Other Challenges Emerge … “Hackers have stepped up their efforts during the pandemic – tricking people – especially telecommuters who may be new to the ‘work at home’ concept – to click on a link, open an attachment, download an app, etc.,” says Tom Walsh, president of consulting firm tw-Security. … “We […]

Read More

GAO: HHS Has Failed to Act on Security Recommendations

Watchdog Report Spotlights Steps Agency Has Not Yet Taken … “The security risk analysis is often not done or not done correctly, as evidenced by the corrective action plans after HHS Office for Civil Rights investigates a large data breach,” notes Susan Lucci, senior privacy and security consultant at consultancy tw-Security. That inaction could be related […]

Read More