September 25, 2020 – Many healthcare providers struggle with finding and retaining security staff, as well as budget constraints, which make it difficult to properly secure the enterprise. In response, a host of industry stakeholders have provided free cybersecurity resources to support those organizations in shoring up vulnerabilities and keeping pace with the ever-evolving threat landscape. 

So far in 2020, some of the biggest data breaches were caused by ransomware, business associates, phishing, and hacking incidents. All have spotlighted the industry’s biggest vulnerabilities, while continuing to serve as a reminder of the need to find these gaps and strengthen the overall cyber posture across the sector. 

An abundance of resources provide healthcare entities with nearly step-by-step guidance on the biggest threats, including ransomware, telework, supply chain, and other significant risks. As industry stakeholders have continued to stress, providers can no longer take a reactive approach to cybersecurity. 

NIST 

CynergisTek reported that just…

Read More…

August 26, 2020 – The Office of Civil Rights recently shared ways an IT asset inventory can create a more effective risk analysis to close information security gaps and support HIPAA compliance. Given the sophistication of the current threat landscape, these functions will prove crucial in supporting an overall resilient healthcare information security program. 

While cybersecurity awareness has drastically improved across the healthcare sector, Impact Advisor’s Shefali Mookencherry, Principal Advisor and Solution Leader of Information Security, Privacy, and Disaster Recovery, explained that has not translated into a more secure infrastructure. 

Currently, there are far too many cybersecurity considerations when it comes to making a more secure healthcare system, as internal users continue to be one of the biggest risks to the healthcare system and hackers are increasingly improving the sophistication of their phishing campaigns, she added. And those threats have rapidly increased amid the COVID-19 pandemic. 

In the last week alone, reports from security 

Read More…

Throughout the course of the first half of 2020, the FBI, the Department of Homeland Security, and a number of security agencies ramped up cybersecurity alerts—many of which directed at the healthcare sector—in an effort to support vulnerable industries responding to the COVID-19 crisis. In response, hackers steadily worked to target the rapid rise in telework and telehealth.

While the number of reported cybersecurity incidents in the healthcare sector are fewer than in previous years, it does not mean the number of attacks have declined. Security researchers and federal agencies have all reported rises in cyberattacks on cloud services, remote platforms, mobile devices, and other endpoints.

For the healthcare sector, already burdened with the Coronavirus response, the expanded threat landscape could lead to some serious issues down the line. Fortunately, the majority of these advisories contain key elements that could allow enterprises to effectively close some of these critical gaps.

Multi-Factor Authentication

A report from Microsoft found that 99.9 percent of all…

Read More…

June 10, 2020 – The COVID-19 pandemic has fueled the pace of change in the healthcare sector, from telehealth expansion to the rapid deployment of temporary hospitals. But the increase in telework, mobile tech, remote care, and temporary hospitals has also expanded the threat landscape, which could have lasting consequences.

Indeed, cybercriminals have rapidly worked to take advantage of the new landscape, targeting virtual private networks (VPNs), cloud service platforms, and remote workers in an effort to financially benefit from the pandemic.

Given the pace and scope of the deployment of remote technologies and temporary sites, healthcare organizations should be closely monitoring its systems to ensure they’re protected from these new threats.

“Because these healthcare facilities are essentially an extension of the healthcare industry (i.e. hospitals and doctors’ offices), they offer hackers a lot more room to work with,” Jake Olcott, BitSight vice president of Communications and Government Affairs. “Given this, the hackers specifically targeting the healthcare…

Read More…