Hacking Incidents, Vendor Breaches Keep Surging

“Analysis of Health Data Breach Trends So Far in 2021 … Behavioral health encounters carry the most private thoughts and concerns of an individual,” says Susan Lucci, senior privacy and security consultant at consulting firm tw-Security. “If this trust is broken due to a security incident, the individual seeking guidance may not continue with the provider. HIPAA and […]

Read More

More Health Data Breaches Tied to Vendor Incidents

Hacker Attacks Against Accellion, Other Vendors Expose Patient Data … Keith Fricke, a principal consultant at tw-Security, suggests that healthcare organizations diligently assess the risks posed by vendors providing remotely hosted services or products. “Organizations should have policies and contractual language addressing vendors accessing, storing, processing or transmitting sensitive information to or from overseas locations,” […]

Read More

OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks

Report on Canceled VA Project Offers Governance Lessons for Others … “For a project of this nature, there needs to be a data governance committee in place that consists of interdepartmental, multidisciplinary membership beyond only IT and privacy,” says Keith Fricke, principal consultant at tw-Security. A big data initiative may also need to be reviewed […]

Read More

Latest Ransomware Trends: Lessons to Learn

Learning From Difficult Recoveries and Advice in Government Alerts … Clearly, there are no guarantees that all data will be recoverable after a ransomware attack, says Keith Fricke, principal consultant at tw-Security. “Confidence is usually high that backed-up data can be fully restored as long as ransomware-encrypted files have not become part of the backup, […]

Read More

Health Data Breaches in 2020: Ransomware Incidents Dominate

Blackbaud, Magellan Health Incidents Trigger Numerous Breach Notifications … “Ransomware continues to be a lucrative business for criminals,” says Keith Fricke, principal consultant at tw-Security. “Until targeted organizations implement security controls that effectively hamper the overall earnings of ransomware attacks, the criminals will continue using ransomware as a revenue generator.” … Phishing scams remain a […]

Read More

A Tale of Two Hacker Incidents

Healthcare Organizations Facing More Cyberthreats … Keith Fricke, principal consultant at tw-Security, predicts: “The fourth quarter of 2020 will bring a spike in criminal phishing campaigns due to the holiday season, an election year and possibly more hurricane-related destruction prompting charitable agencies seeking donations.” … Healthcare organizations need to be well-prepared to prevent, detect and […]

Read More

Lifespan Health System Hit With $1 Million HIPAA Fine

Hefty Penalty After Theft of Unencrypted Laptop … “Additionally, sometimes the problem is that if the administrative console for managing device encryption cannot definitively prove that a lost or stolen device was encrypted, an organization in that situation has to assume the worst and declare a breach,” notes Keith Fricke, principal consultant at tw-Security. … […]

Read More

Health Data Breach Trends: A Mid-Year Assessment

Biggest Incidents Have a Wide Variety of Causes … Because some recent business associate breaches – such as the Magellan ransomware incident – have affected multiple healthcare organizations, “it’s clear how interconnected we are,” notes Susan Lucci, senior privacy and security consultant at tw-Security. “With multiple points of connectivity, it is likely that if one […]

Read More