BreachExchange mailing list archives

New Cybersecurity Report Focuses on Protecting Health Data


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Fri, 6 Feb 2015 11:44:03 -0700

http://www.marketwired.com/press-release/new-cybersecurity-report-focuses-on-protecting-health-data-1989367.htm

In the wake of recent cyberattacks targeting health data, The Doctors
Company has issued a new report, "Healthcare Data Breaches: Risk and
Mitigation Tips." This in-depth report is among numerous cybersecurity
resources provided by the nation's largest physician-owned medical
malpractice insurer to assist healthcare organizations and physicians in
protecting data.

The cybersecurity report discusses the threat of new technologies such as
spear phishing, which is e-mail designed to lure recipients into providing
personal information and clicking on malicious links, and ransomware, in
which attackers encrypt files and demand payment to decrypt the files. The
report also discusses the risks of sharing data with vendors, the
complexities of responding to a breach, the threat of data breach class
action lawsuits, and tips for preventing or minimizing a data breach.

"Healthcare organizations such as health insurer Anthem, which recently
fell victim to a data breach that could affect as many as 80 million
consumers, experience 51 percent of all cyberattacks," said Craig Musgrave,
senior vice president, CIO, The Doctors Company. "Cybercriminals target
healthcare entities for two main reasons: healthcare organizations fail to
upgrade their cybersecurity as quickly as other types of business, and
criminals find personal patient information particularly valuable to
exploit."

A breach that involves personal health information (PHI) must be reported
to the U.S. Department of Health and Human Services' Office for Civil
Rights, which enforces the Health Insurance Portability and Accountability
Act (HIPAA) and has the power to issue fines. Organizations with health
data such as Anthem potentially could face both HIPAA and Health
Information Technology for Economic and Clinical Health Act (HITECH) fines
if found not fully compliant with privacy and security rules.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/