Tracking Common Causes of Recent Health Data Breaches
Analyzing Trends Reflected on ‘Wall of Shame’ Tally So Far This Year
“Phishing continues to be easier access for cybercriminals than it should be,” says Susan Lucci, senior privacy and security consultant at tw-Security. “While many covered entities are educating their workforce on how to recognize and report phishing attacks, we continue to observe that when these organizations conduct phishing expeditions through a managed process, the results are worse than they expected.”
… Lucci says covered entities need to be proactive in their security risk management involving vendors.
“If covered entities are not obtaining reasonable assurances in writing as to their BA’s compliance efforts, with some evidence of that compliance, they are risking a partner who may not be protecting PHI and personally identifiable information in the same manner that is required by federal and state regulation,” Lucci notes.
“All too often, after a business associate is working with a covered entity, the lines of communication focus only on the business services and deliverables. A business associate is an extension of the CE’s workforce, and privacy and security communications should be taking place between the CE and their BAs.”