Posts Tagged ‘cybersecurity’

Guest Post: Rethinking Healthcare Cybersecurity by Focusing on the Attacker, not the Attack

October 4th, 2018 by Ofer Israeli

Why are healthcare systems so challenging to secure? What is driving this complexity. How might we rethink our approach?

Healthcare systems, like all digital networks today are increasingly inter-connected and consumer-driven. The digital transformation necessary to make them agile, also renders them easy targets for data and identity theft, insurance fraud, and other forms of cybercrime. As the recent spate of ransomware has shown, cyberattacks on healthcare institutions also disrupt vital services and risk patient safety.

Beyond the health organization’s core staff, a wide variety of guests, students, visitors, patients, maintenance workers and others have direct physical access to healthcare systems and devices. Temporary workers and contractors require access to sensitive systems while employed. External interconnection of these systems with universities, research partners, and other remote services further mitigates the effectiveness of perimeter and access security controls. Higher and thicker security walls will not support the organization’s need to break down barriers, share information, and increase patient access.

Clearly, a new approach is required. If we cannot stop attacks, then we must stop the attackers. This is not a semantic nuance. The key to protecting healthcare systems in the future will be to transform our thinking—from a focus on defending ourselves from an infinitely expanding phalanx of attacks and attack vectors, to instead focus on disrupting the attack process itself regardless of attack style or source. We must stop the attackers.

As difficult as that might sound at first blush, there is, in fact, a silver bullet that will disrupt the vast majority of attacks. Malicious actors targeting healthcare systems all share a common trait that makes them vulnerable to disruption and detection. Regardless of how they enter a healthcare network, or what their intent, attackers must move laterally across the healthcare network to access their target applications, devices, systems, and data. To move undetected, they must gather intelligence about the environment and make careful decisions regarding their attack path.

The key then, quite simply, is to disrupt the attacker’s decision-making process—to blind and befuddle them so that they cannot progress their attack. Done well, cyber deception technology disrupts the attacker’s intelligence gathering process, and destroys their ability to make accurate decisions, by flooding the attack plane with false and misleading data. Similar in effect to evasive maneuvers used in aerial combat such as disgorging flak, disrupting radar, and disorienting GPS signals, these new technologies destroy the attacker’s ability to navigate, and ensure they are detected by any movement they do decide to make.

The challenges of securing healthcare systems will continue to grow as attackers, and their tools, methods, and infrastructure, become more sophisticated and diverse. Just as digital transformation is improving efficiency and patient outcomes, the traditional security mindset must be transformed to a modern security mindset. To protect these new system architectures, we must refocus our efforts from defending against attacks to disrupting the attack process itself. Deception offers a promising path forward in this direction.

Ofer Israeli

Ofer Israeli

About the Author: Ofer Israeli, founder and CEO of Illusive Networks, pioneered deception-based cybersecurity. He leads the company at the forefront of the next evolution of cyber defense. Prior to establishing Illusive Networks, Mr. Israeli managed development teams based around the globe at Israel’s seminal cybersecurity company Check Point Software Technologies and was a research assistant in the Atom Chip Lab focusing on theoretical Quantum Mechanics.

Infographic: Top of Mind for Health IT in 2018

February 16th, 2018 by Melanie Matthews

Cybersecurity, consumer-facing technologies, predictive analytics and virtual care are the technology trends that are top of mind for healthcare IT executives, according to a new infographic by the Center for Connected Medicine.

The infographic examines how these trends may impact the healthcare industry in 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient MonitoringOnce the domain of science fiction, these telehealth technologies have begun to transform the fabric of healthcare delivery systems. As further proof of telehealth’s explosive growth, the use of wearable health-tracking devices and remote patient monitoring has proliferated, and the Centers for Medicare and Medicaid Services (CMS) has added several new provider telehealth billing codes for calendar year 2018.

2018 Healthcare Benchmarks: Telehealth & Remote Patient Monitoring delivers the latest actionable telehealth and remote patient monitoring metrics on tools, applications, challenges, successes and ROI from healthcare organizations across the care spectrum. This 60-page report, now in its fifth edition, documents benchmarks on current and planned telehealth and remote patient monitoring initiatives as well as the use of emerging technologies in the healthcare space.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Cybersecurity in Healthcare

February 12th, 2018 by Melanie Matthews

Cybersecurity threats in the healthcare industry remain stronger than ever, and data breaches remain a top concern, according to a new infographic by Symantec.

The infographic examines the progress healthcare organizations have made in addressing cybersecurity risks and where gaps still exist.

Healthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare IndustryHealthcare Trends & Forecasts in 2018: Performance Expectations for the Healthcare Industry, HIN’s 14th annual business forecast, is designed to support healthcare C-suite planning as leaders react to presidential priorities and seek new strategies for engaging providers, patients and health plan members in value-based care.

HIN’s highly anticipated annual strategic playbook opens with perspectives from industry thought leader Brian Sanderson, managing principal, healthcare services, Crowe Horwath, who outlines a roadmap to healthcare provider success by examining the key issues, challenges and opportunities facing providers in the year to come. Following Sanderson’s outlook is guidance for healthcare payors from David Buchanan, president, Buchanan Strategies, on navigating seven hot button areas for insurers, from the future of Obamacare to the changing face of telehealth to the surprising role grocery stores might one day play in healthcare delivery. Click here for more information.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Guest Post: Are You Preparing to Fail Healthcare Compliance in 2018?

December 19th, 2017 by Tim Feldman and Darci L. Friedman

A 2018 roadmap to healthcare compliance should focus on cybersecurity, vendor management and telehealth.

As the year winds down, we see numerous lists of priorities healthcare organizations should focus on in the coming year. However, if you are looking to those end-of-year lists for guidance on what your organization should pay attention to in 2018, you are already behind. If you do find yourself playing catch-up, drafting your 2018 compliance work plan is the best place to start.

As the roadmap for your compliance efforts throughout the year, your annual work plan should indicate key high-risk areas. The Office of Inspector General (OIG) of the Department of Health & Human Services (HHS) has indicated that developing an annual compliance work plan is integral to the administration of an effective compliance program (Measuring Compliance Program Effectiveness – A Resource Guide).

The annual work plan and compliance program administration are but one portion of what is required for an organization to have a robust and effective compliance program. The required elements of a compliance program are the following:

  • Standards, Policies and Procedures;
  • Compliance Program Administration;
  • Screening and Evaluation of Employees, Physicians, Vendors and Other Agents;
  • Communication, Education and Training;
  • Monitoring, Auditing and Internal Reporting Systems;
  • Discipline for Non-Compliance; and
  • Investigations and Remedial Measures.

These elements provide a broad framework for your organization to identify risk, proactively remediate and provide a response mechanism to mitigate when there is an exposure. Working the plan and program throughout the year helps your organization achieve a state of ongoing readiness.

Cybersecurity

Cybersecurity is one item that will likely factor more heavily in your work plan, and appropriately so. Last June, the HHS Health Care Industry Cybersecurity Task Force released a report on improving cybersecurity in the industry. The Task Force concluded that cybersecurity, at its core, is a patient safety issue and a “public health concern that needs immediate and aggressive attention.”

Some of the areas to address in the broader realm of cybersecurity include:

  • Ransomware;
  • Email security, including phishing;
  • Internet of Things (IoT) and devices;
  • Bring your own device (BYOD); and
  • Medical identity theft.

As the Task Force report notes, cybersecurity must be thought about across the continuum of care in your organization. Work to shift the culture and thinking that cybersecurity is simply a technology issue, of concern only to the IT department.

Do this by implementing policies and procedures for key cybersecurity issues and then communicating them across the organization. Follow that with training, including everyone in your organization, from staff to board members. The training should: define cybersecurity; explain how it may manifest in the organization, and address your policies and procedures, making it evident to all what they can and cannot do and how to respond.

Third-Party Vendor Management

The outsourcing of services to third-party vendors is increasingly common and for good reason. Such relationships offer great benefits, but at the same time, these relationships also carry legal, financial, reputational and compliance-related risks. Here are seven questions to evaluate your third-party vendor relationships:

  • Does your organization, as a covered entity (CE) under HIPAA, have a vendor compliance program to help you identify, manage and report on these risks?
  • Do you review and assess your vendors’ risk profile?
  • Are you familiar with each vendor’s hiring practices?
  • Do you know which vendors’ products connect to other IT systems that contain critical data, including protected health information (PHI)?
  • Do you have insight into each vendor’s information security and data privacy capabilities?
  • Do you know with which vendors you have a business associate agreement (BAA)?

For many healthcare organizations, the answer to several of these questions is likely “no,” which creates risk for those organizations. The OIG’s position is clear: healthcare entities have a responsibility to proactively identify, assess and manage the risks associated with their vendor relationships.

All vendors are NOT created equal. A good starting point in managing an effective and efficient third-party compliance program is to perform a risk-ranking of vendors based on their access to critical assets or information. By segmenting your vendor population into “risk tiers” you can focus limited resources on the most serious exposures.

Components of third-party compliance assessment should include, among other things:

  • Due diligence (background, reputation, strategy);
  • Knowledge of, and compliance with, security and privacy requirements;
  • Operations and internal controls (policies and procedures);
  • Workforce controls, background and exclusion checks; and
  • Training and education.

And, of course, with every vendor that meets the criteria of a Business Associate, ensure that a written BAA is in place. BAAs can be complex and are often daunting, but they must be carefully negotiated and acknowledged by both parties.

By ensuring your vendors have strong compliance programs in place and that they are following through on the BAA requirements, your organization is meeting its compliance obligations and doing its best to minimize its risks.

Telehealth

The compliance concerns related to the delivery of care via telehealth are numerous and include the following:

  • Licensing;
  • Credentialing;
  • Security;
  • Regulatory requirements for billing; and
  • Fraud and abuse.

An area to focus some attention on is payment under federal healthcare programs. The OIG currently has two active work items on telehealth, one for Medicaid and one for Medicare. Both of the items relate to the propriety of payment for telehealth services.

If your organization provides telehealth services, consider conducting a risk assessment to determine if you have any exposure in the area. Risk assessments are not strictly one of the 7 required elements of a compliance program, but they are often referred to as the “8th Element” given the focus on them in the Federal Sentencing Guidelines and OIG documents.
Risk assessments, along with the other elements of a compliance program, provide your organization the means to identify, prioritize, remediate and/or mitigate the myriad on-going risks it will encounter. If you are not working your compliance program and specific risk areas throughout the year, you are failing to adequately prepare for an event. By failing to prepare, as one wise man said, you are preparing to fail.

About the Authors: Tim Feldman is Vice President and General Manager of Healthcare Compliance & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. He oversees product development across a vast suite of practice tools and workflow solutions to help professionals stay ahead of regulatory developments and effectively manage compliance activities. Darci L. Friedman, JD, CHPC, CSPO, PMC-III, is the Director of Content Strategy & Author Acquisitions for Healthcare Compliance, Coding & Reimbursement at Wolters Kluwer Legal & Regulatory U.S. She is responsible for supporting the overall strategy for developing new content and features, innovating new product models, and recruiting top content contributors.

HIN Disclaimer: The opinions, representations and statements made within this guest article are those of the author and not of the Healthcare Intelligence Network as a whole. Any copyright remains with the author and any liability with regard to infringement of intellectual property rights remain with them. The company accepts no liability for any errors, omissions or representations.

Infographic: Is Your Healthcare Network Security on Life Support?

August 4th, 2017 by Melanie Matthews

With the growth of the Internet of Things (IoT), connected biomedical technology has provided a rich opportunity for healthcare to improve lives and patient outcomes. However, it has also increased fears among IT leaders in hospitals and healthcare facilities that with the proliferation of these IoT medical devices comes some very real threats to protected health information and to financial and patient safety risks, according to a new infographic by Comport Technology Solutions.

The infographic examines how why cyber criminals target healthcare organizations, the most likely types of cyberattack events targeting healthcare and how healthcare IT is focusing security efforts on IoT to mitigate threats.

Healthcare Trends & Forecasts in 2017: Performance Expectations for the Healthcare Industry Not in recent history has the outcome of a U.S. presidential election portended so much for the healthcare industry. Will the Trump administration repeal or replace the Affordable Care Act (ACA)? What will be the fate of MACRA? Will Medicare and Medicaid survive?

These and other uncertainties compound an already daunting landscape that is steering healthcare organizations toward value-based care and alternative payment models and challenging them to up their quality game.

Healthcare Trends & Forecasts in 2017: Performance Expectations for the Healthcare Industry, HIN’s 13th annual business forecast, is designed to support healthcare C-suite planning during this historic transition as leaders prepare for both a new year and new presidential leadership.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: The Healthcare Security Challenge

October 21st, 2016 by Melanie Matthews

The role of IT in healthcare delivery has expanded dramatically in just the last few years—and so has the threat from data thieves. A single, stolen healthcare record is worth hundreds of dollars on the black market—creating an estimated $6 billion cybersecurity problem for the industry as a whole, according to a new infographic by NaviSite.

The infographic examines the latest data on the healthcare security problem and a seven-step plan for protection.

2016 Healthcare Benchmarks: Digital HealthPerson-centric health management is slowly acknowledging the device-driven lives of patients and health plan members and incorporating these tools into care delivery and management efforts.

2016 Healthcare Benchmarks: Digital Health examines program goals, platforms, components, development strategies, target populations and health conditions, patient engagement metrics, results and challenges reported by healthcare organizations responding to the February 2016 Digital Health survey by the Healthcare Intelligence Network.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Healthcare Cyber Security Threat Prognosis

August 24th, 2016 by Melanie Matthews

The 10 largest healthcare cyber attacks of 2015 affected over 100 million records, valued at up to $154 per record breached, according to a new infographic by FireEye.

The infographic examines the depth of the healthcare cyber security threat, why the healthcare industry is a top target for cyber crime and the potential cost to healthcare organizations of a security breach.

Healthcare Trends & Forecasts in 2016: Performance Expectations for the Healthcare IndustryFrom cost pressures, consumerism and consolidation to a proliferation of patient-centered, value-based delivery and payment models, the state of healthcare continues to challenge organizations in the industry.

Healthcare Trends & Forecasts in 2016: Performance Expectations for the Healthcare Industry, HIN’s 12th annual business forecast, pins down the trends destined to impact the industry in the year to come and proposes tactics C-suite executives can employ to distinguish their operations in a dynamic marketplace. Click here for more information.

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

Have an infographic you’d like featured on our site? Click here for submission guidelines.

Infographic: Healthcare IT Cybersecurity

September 13th, 2013 by Jackie Lyons

Some 17,000 patient records are breached every day, according to the U.S. Department of Health & Human Services.

Furthermore, these breaches cost healthcare providers an estimated $7 billion, according to a new infographic from Eset. This infographic shows patient privacy concerns, potential ways records are being hacked and the effects on healthcare providers.

Healthcare IT Cybersecurity

Get the latest healthcare infographics delivered to your e-inbox with Eye on Infographics, a bi-weekly, e-newsletter digest of visual healthcare data. Click here to sign up today.

You may also be interested in this related resource: Cases on Healthcare Information Technology for Patient Care Management.