Hacker Attacks in Healthcare: What’s Changed in 2016 So Far?
Hacks Are Still Common, But Fewer Patients Affected
… Commenting on the apparent shift to smaller organizations being targeted for hacker attacks this year, Mark Dill, principal consultant at consultancy tw-Security and former long-time CISO at the Cleveland Clinic, notes: “Larger organizations – those most likely to have access to ‘mega’ amounts of data – likely have the resources – people, technology, budget and third-party experts – to prevent hacking in the first place. Smaller organizations may struggle to adequately protect PHI because of inadequate resources. Given the success of advanced persistent threats – ultra-silent malware – it is also possible that major events have occurred but remained undetected.”
… In assessing whether a ransomware incident is reportable to HHS, Dill suggests that impacted covered entities and business associates “examine the audit logs to determine if PHI was viewed or exported before it was encrypted by the ransomware.”