BreachExchange mailing list archives
New Cybersecurity Report Focuses on Protecting Health Data
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 6 Feb 2015 11:44:03 -0700
http://www.marketwired.com/press-release/new-cybersecurity-report-focuses-on-protecting-health-data-1989367.htm In the wake of recent cyberattacks targeting health data, The Doctors Company has issued a new report, "Healthcare Data Breaches: Risk and Mitigation Tips." This in-depth report is among numerous cybersecurity resources provided by the nation's largest physician-owned medical malpractice insurer to assist healthcare organizations and physicians in protecting data. The cybersecurity report discusses the threat of new technologies such as spear phishing, which is e-mail designed to lure recipients into providing personal information and clicking on malicious links, and ransomware, in which attackers encrypt files and demand payment to decrypt the files. The report also discusses the risks of sharing data with vendors, the complexities of responding to a breach, the threat of data breach class action lawsuits, and tips for preventing or minimizing a data breach. "Healthcare organizations such as health insurer Anthem, which recently fell victim to a data breach that could affect as many as 80 million consumers, experience 51 percent of all cyberattacks," said Craig Musgrave, senior vice president, CIO, The Doctors Company. "Cybercriminals target healthcare entities for two main reasons-healthcare organizations fail to upgrade their cybersecurity as quickly as other types of business, and criminals find personal patient information particularly valuable to exploit." A breach that involves personal health information (PHI) must be reported to the U.S. Department of Health and Human Services' Office for Civil Rights, which enforces the Health Insurance Portability and Accountability Act (HIPAA) and has the power to issue fines. Organizations with health data such as Anthem potentially could face both HIPAA and Health Information Technology for Economic and Clinical Health Act (HITECH) fines if found not fully compliant with privacy and security rules.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) YourCISO is an affordable SaaS solution that provides a comprehensive information security program that ensures focus on the right security. If you need security help or want to provide real risk reduction for your clients contact us!
Current thread:
- New Cybersecurity Report Focuses on Protecting Health Data Audrey McNeil (Feb 13)