Monthly Healthcare News Roundup: Black Market PHI Driving Espionage, Migrating to the Cloud to Protect Healthcare Data Security, and More

Every month, we compile the most compelling healthcare privacy and security related news stories. Below, you’ll learn more about black market PHI driving espionage, an alarming amount of hospital workers not receiving cybersecurity training, migrating to the cloud to protect healthcare data security, and more.

Cheap black market PHI drives ransomware, espionage

Healthcare organizations host scores of personal health information – sensitive data that’s constantly sought after by hackers and foreign entities as a means of espionage. Even after a breach occurs, compromised PHI can be sold cheaply on the dark web – and cyberattacks can still happen long after.

Despite the eminent risk, hospitals still struggle with security. A new study by the cybersecurity firm FireEye takes an in-depth look at how cyber threats affect the healthcare industry. Of the information that hackers sought, cancer research and medical device development were targeted the most frequently. Read the full article for more details on how healthcare systems can avoid threats like ransomware and espionage.

Most hospitals are behind on finding, responding to threats

“No good head of cybersecurity would ever describe a solution as being ‘set it and forget it,’ but there is a degree of automation that the modern healthcare IT network needs to have.” – Benjamin Harris, Healthcare IT News

As healthcare technology continues to develop, so do new vulnerabilities. Fidelis’ 2019 State of Threat Detection Report finds that, although hospital network traffic has grown, their security postures struggle to keep up. How can medical organizations protect themselves against cybersecurity risks like ransomware attacks and insider threats? Ways to help facilities gain visibility into their networks and protect the security of patient data include enabling proactive monitoring with  automated threat detection and response.

Presbyterian alerts 183,000 patients of data breach

Presbyterian Healthcare Services in Albuquerque has reported a data breach that impacted the data of 183,000 patients. Caused by an employee responding to a phishing scam, the breach allowed access to patient names, dates of birth, and Social Security numbers.

According to Melanie Mozes, spokeswoman for Presbyterian, although access was granted to personally identifiable information (PII), there is no evidence to suggest that the hackers received electronic health records or billing information.

“At Presbyterian, we take the responsibility of protecting the privacy of our patients and members very seriously,” said Dale Maxwell, Presbyterian Healthcare Services President and CEO. “We deeply regret that this event occurred and are committed to taking steps to help prevent this type of incident from happening again.”

Survey finds alarming number of healthcare workers have not had cybersecurity training

In the first six months of 2019 alone, nearly 32 million patient records were breached – already twice the amount that occurred in all of 2018. In spite of the urgency, 32% of healthcare employees have never received cybersecurity training, according to a new Kaspersky report. Kaspersky, a cybersecurity company, teamed up with research firm Opinion Matters to survey 1,758 North American healthcare employees in a range of different roles from doctors to administrative and IT staff.

Of the participants, 19% admitted to needing more cybersecurity training in their organization and 18% of United States respondents reported that they don’t know what the HIPAA security rule means. How can healthcare privacy and security professionals remedy these alarming statistics? Read the full article to find out more.

Hospitals’ blind spots are fueling the opioid crisis — Here are specific ways leaders can address them

Healthcare organizations have a dangerous blind spot – and it’s propelling the opioid epidemic.

Medical bioethicist Travis Rieder, PhD, is blowing the whistle on this dilemma based on personal experience – in 2015, he endured a motorcycle accident that led to six surgeries within a matter of months and left him in excruciating pain. He was prescribed powerful opioids to get him through, but when he wanted to taper off, he was brushed off by the same doctors who wrote the prescriptions.

“We called everybody, and a bunch of them wouldn’t even talk to me,” he told NPR. “And this includes the pain management team. They would not speak with me, and the message they sent through a nurse was, ‘We prescribe opioids, but we don’t help with tapering.'”

What can healthcare leaders do to address this gap? Read the article to find out more.

The pros and cons of moving to the cloud for providers

As the industry matures, healthcare CISOs find a growing acceptance of cloud computing for clinical use, privacy, and security. But as organizations begin to adopt the cloud, they need a fully fleshed-out plan to support the transition.

Some organizations, particularly smaller ones, may find the migration to cloud to be more complicated than others. And maintaining security is a top concern, especially as healthcare data becomes more digitally accessible. The key is adopting a cloud solution that covers an organization on a long-term basis instead of focusing on filling immediate needs.

“The way many organizations invest in technology is they have a roadmap for what they’re trying to achieve, and look at vendors who can meet that strategy – in healthcare it’s more haphazard,” said Dr. Larry Ponemon, CEO and founder of the Ponemon Institute. “They buy a tool to meet an immediate need, but in many cases they’re not looking at the bigger picture.”