Posts

TARGET: SingHealth Patient Data Breach

Singapore authorities reported a cyber-attack affecting SingHealth, the largest group of healthcare institutions in Singapore. It is the largest known cyber-attack targeting organizations based in Singapore that has been reported by Singapore news media. The cyber-attack appears to have resulted in a data breach affecting around 1.5 million patients who visited SingHealth between May 1, 2015 and July 4, 2018. The breached data included personally identifiable information such as names, NRIC, address, gender and race. Around 160,000 of these patients also had their outpatient prescriptions stolen. The Prime Minister of Singapore’s personal information was targeted as part of the attack.

The attack was first identified by database administrators from the Integrated Health Information System (IHIS) on July 4, 2018, when they detected anomalous activity on one of SingHealth’s IT databases. By July 10th, investigators confirmed it was a cyber-attack, with data stolen between June 27 and July 4.

Although attributing the attack to a specific party is speculative with the data that is publicly available, the Singapore Health Ministry stated that “It [the attack] was not the work of casual hackers or criminal gangs.” We expect to be able to understand more about the attackers once more technical data is available.

Proficio Threat Intelligence Recommendations:

  • Ensure that any sensitive data is encrypted, and limit the access of employees and other stakeholders according to their roles, using the principle of least privilege. Passwords that are stored should be encrypted, and strong password policies should be enforced.
  • Review the organization’s data retention policies on the duration and the types of PII data that should be stored. To further limit data exposure, companies are advised to purge customers’ PII if it is not needed for business purposes and is no longer required by law to be retained.
  • Any potential victim can check if their data have been compromised by accessing the following website: https://datacheck.singhealth.com.sg.



125+ cybersecurity companies in healthcare to know | 2018

Healthcare organizations face an increasing threat from cyber attacks and hospitals are spending big to ensure their patients’ data is protected. In 2017, healthcare spending on IT reached $100 billion and there were around 32,000 intrusion attacks per day on healthcare organizations, according to FortiGuard Labs, as reported by CSO.

Here are more than 125 companies focused on cybersecurity for hospitals, health systems and other healthcare organizations…


TARGET: Nuance Communications – Lost Revenue and PHI

Nuance Communications, a healthcare software company which specializes in speech and imaging, had a run of bad luck in 2017, with both external and internal incidents.

Last year NotPetya malware cost the company $92 million in revenue, mainly from the disruption of transcription services and systems used by healthcare customers. Nuance quickly attempted to restore client functionality, but complete remediation and restoration took over a month. This attack constituted a security incident under the HIPAA Security Rule but not a breach of PHI under the BNR (Breach Notification Rules).

In December 2017, only months following the NotPetya incident, there was an unrelated data breach by a former Nuance employee involving the PHI of 45,000 individuals. The records included healthcare providers’ patient assessments, diagnoses, dates of service and care plans. The attacker stole these records through unauthorized access to a transcription platform.

Nuance stated that it continues to enhance its security protection to prevent further cyberattacks, as these incidents have resulted in negative press and lost potential revenue.

Proficio Threat Intelligence Recommendations:

  • Apply proper network segmentation to mitigate the spread of malware outbreaks
  • Implement and enforce access controls to prevent unauthorized access
  • Back up critical systems and store the backups off-network

 


107+ cybersecurity companies in healthcare | 2017

Healthcare organizations across the globe are more susceptible than ever to hacks and data breaches, which can cost a hospital or health system millions to fix and damage their reputation. As a result, hospitals are investing more in cybersecurity and risk management services.

Organizations face internal threats from email scams, cloud sharing and lost mobile devices, as well as external threats such as hackers. The global healthcare cybersecurity market is expected to reach $10.8 billion by 2020, according to a Grand View Research report.

Here are more than 100 cybersecurity companies in the healthcare space, listed in alphabetical order…


The 4 biggest healthcare IT headaches

To avoid violating regulations, which could result in tens of thousands of dollars (or more) of fines and negative publicity, healthcare providers must ensure that their facilities are in compliance and be constantly on the lookout for security threats.

And “while the governance of information causes headaches for IT leaders across all industries, when it comes to healthcare, the myriad of confidentiality and privacy concerns for CIOs and health information management administrators creates added complexity,” says Ken Mortensen, data protection officer at InterSystems. One slip-up and “IT leaders risk exposing [sensitive] health information, or, even worse, contributing to an unfortunate patient outcome.”…


THE CLOUDIFICATION OF HEALTHCARE: BENEFITS AND RISKS

Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception – hospitals, payers and other organizations also are making moves to the cloud.

While they’re working hard to improve their security measures and making great strides to better protect their data, security challenges continue to evolve.

As the organizational structure of healthcare facilities continues to advance, cloud adoption brings numerous benefits for these institutions. Not long ago, patient files were all on paper – placed into a folder that never left the physician’s office. But with the consolidation and reorganization of many healthcare organizations, this approach has become outdated and replaced by electronic records…


HOW TO ACHIEVE HIPAA COMPLIANCE