Health Organizations Slammed by Cyber Breaches

Top TEN Health Organizations Slammed by Cyber Breaches

Last year, the FBI released a private notice to the healthcare industry warning providers that their cybersecurity systems are lax compared to other industries, according to Reuters.

The notice reportedly stated, “The healthcare industry is not as resilient to cyber intrusions compared to financial and retail sectors, therefore the possibilities of increased cyber intrusions is likely.”

More: http://managedhealthcareexecutive.modernmedicine.com/managed-healthcare-executive/news/ten-health-organizations-slammed-cyber-breaches?page=0,1

Considering the recent outbreak of major breaches affecting the industry, it appears that those concerns were warranted. The healthcare industry accounted for 43% of major data breaches reported in 2014, according to the Identity Theft Resource Center.

While 2015 data are not yet available, the steady stream of cybersecurity breaches has continued, and many organizations have already reported major breaches. Here are 10 recent victims.

Speaker: If you need a moderator or speaker for an upcoming event, Dr. David E. Marcinko; MBA – Publisher-in-Chief of the Medical Executive-Post – is available for seminar or speaking engagements. Contact: MarcinkoAdvisors@msn.com

9 Responses

  1. Your Ashley Madison Account
    [Paul recommends to read this email]
    But … don’t fall for it!

    I just received this email message from sharingservices@aol.com:

    ******************************************************************

    Unfortunately your data was leaked in the recent hacking of Ashley Madison and I know have your information. I have also used your user profile to find your Facebook page, using this I can now message all of your friends and family members.

    If you would like to prevent me from sharing this dirt info with all of your friends and family members (and perhaps even your employers too?) then you need to send 1 bitcoin to the following BTC address.

    Bitcoin Address:
    1AEJiZFnELwRZVjmVSvDSwUaXNZy4X9bQN

    You may be wondering why should you and what will prevent other people from doing the same, in short you now know to change your privacy settings in Facebook so no one can view your friends/family list. So go ahead and update that now (I have a copy if you don’t pay) to stop any future emails like this.

    You can buy bitcoin using online exchanges easily. If the bitcoin is not paid within 3 days of 23 Sep 2015 then my system will automatically message all of your friends and family members. The bitcoin address is unique to you.

    Consider how expensive a divorce lawyer is. If you are no longer in a committed relationship then think about how this will affect your social standing amongst family and friends. What will your friends and family think about you?

    Sincerely,
    Paul

    ******************************************************************

    Object lesson to all ME-P readers and subscribers

    After review, I noted the following faults with this blast message:

    * No sender last name.
    * Sender blast email service
    * Multiple email addresses
    * Poor grammar
    * I do not have – or ever had – a Facebook account
    * I do not have – or ever had – an AM account

    Don’t fall for this ploy. Forewarned is forearmed.

    Dr. David E. Marcinko MBA

  2. Breach immunity – the winners and the losers

    The consequences of getting caught sharing medical records without patients’ permission depend on who is asking.

    The loser:

    “State board proposes discipline for University of Oregon psychologist over record release in rape case.” By The Associated Press, for The Register-Guard, Salem, Oregon, September 25, 2015.

    http://registerguard.com/rg/news/local/33546539-75/story.csp

    SALEM — A state licensing board is proposing a $5,000 fine, a reprimand and ethics training for the head of the University of Oregon’s counseling office.

    The proposed discipline, announced Friday, stems from allegations that Shelly Kerr released a student’s counseling records to the UO’s lawyers without the student’s permission. The student sought counseling after she said she was raped by three basketball players.

    The Board of Psychologist Examiners says Kerr violated rules requiring psychologists to protect the confidentiality of counseling records.

    The university agreed to an $800,000 settlement with the student in May.

    UO spokesman Tobin Klinger says the university is surprised and disappointed by the disciplinary decision. Klinger says Kerr is expected to request a hearing at which an administrative law judge would review the proposed discipline.

    —————————–

    The winner:

    “DEA gives Henry Schein’s MicroMD a federal search warrant for Patient Data.” By Justin Shafer for My Dental Blog, September 27, 2015.

    http://justinshafer.blogspot.com/2015/09/dea-gives-henry-scheins-micromd-federal.html

    DEA gives Henry Schein’s MicroMD a federal search warrant for Patient Data. Henry Schein complies.

    Norton Community Care was raided by the DEA, but after the raid, the DEA wanted records on certain patients who were prescribed oxycodone and they got that data from the doctors cloud based EMR. I am not sure what happened exactly, but it sounds like after the raid, the docs wanted data only to find that data was “on the cloud”. CORRECTION: I guess the DEA requested it before the raid.

    Perhaps customers using the cloud for their PMS, should request a private encryption key feature that only they know, to keep prying eyes out of their database.

    Better IT security might have prevented the DEA from getting the patient data (disk encryption and setting a backend database password for starters), but when that data is NOT in YOUR control, then you are not going to have that much POWER.

    (Shafer includes photos of relevant legal documents including the search warrant application and Schein’s signed consent).

    —————————–

    Schein’s apparent uncontested willingness to help the DEA breach American citizens’ medical records reminds me of AT&T’s notorious participation in the NSA’s blanket surveillance of Americans’ phone conversations.

    Though I don’t know what AT&T was offered for cooperating, there is an apparent conflict of interest worth $4.3 billion to Schein: “Henry Schein gets contract to modernize U.S. military health records.” Written by Ken Schachter for Newsday, August 20, 2015.

    http://www.newsday.com/business/henry-schein-gets-contract-to-modernize-us-military-health-records-1.10755453

    Some might claim Schein’s software is working exactly as stakeholders planned – long, long ago.

    D. Kellus Pruitt DDS

  3. Healthcare under attack

    If you like watching political train wrecks develop, notice how HIT is going terribly wrong – even while Obama pushes to penalize providers who still store patients’ valuable personal information in loud, bulky, metal filing cabinets:

    “Healthcare under attack as data theft rates surge – The health and care industries are progressively coming under attack from cybercriminals as the value of people’s health data skyrockets.”

    Carl Leonard
    [Principal security analyst at Raytheon]
    October 15, 2015

    http://www.theinformationdaily.com/2015/10/15/healthcare-under-attack-as-data-theft-rates-surge

    D. Kellus Pruitt DDS

  4. Avoid the “Cloud”

    This may sound counterintuitive as the cloud is one of the biggest digital products around; especially for EHRs. But, there’s a good argument to be made that anything can be hacked.

    The Snowden leaks have shown that even the most secure networks have probably been infiltrated. So, if you have private or patient data you don’t want exposed, it’s probably best to back it up locally instead of on a big company’s cloud.

    Inge

  5. Paper: The gold standard of security

    “Russian government turns back to the typewriter for security – MOSCOW — A Russian state service in charge of safeguarding Kremlin communications is looking to purchase an array of old-fashioned typewriters to prevent leaks from computer hardware, sources said Thursday.” By AFP, July 13, 2013 (more).
    http://www.sourcenewspapers.com/articles/2013/07/13/news/doc51e00c2ad4ccb361032785.txt?viewmode=fullstory

    More recently:

    “Want to thwart govt spies? Use snail mail, Assange says – Wikileaks founder Julian Assange advised journalists to use the regular postal service instead of email to avoid government surveillance…” By RT America, October 25, 2015
    https://www.rt.com/news/319616-assange-snail-mail-spies/

    Darrell Pruitt DDS

  6. Ransomware in the wild west

    “FBI’s Advice on Ransomware? Just Pay The Ransom – In-brief: The nation’s top law enforcement agency is warning companies that they may not be able to get their data back from cyber criminals who use Cryptolocker, Cryptowall and other malware without paying a ransom.” Posted by Paul on SecurityLedger.com, October 22, 2015.

    https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/

    After telling SecurityLedger that cryptolocker’s encryption cannot be beat – “The ransomware is that good” – Joseph Bonavolonta, Assistant Special Agent in Charge of the FBI’s CYBER and Counterintelligence Program, added, “The amount of money made by these criminals is enormous and that’s because the overwhelming majority of institutions just pay the ransom.”

    Welcome to the frontier – beyond the reach of law enforcement.

    DK Pruitt

  7. “The top 5 IT security threats for 2016.”
    [By Bev Robb, IT consultant for Power More]
    Dell.com, December 29, 2015

    https://powermore.dell.com/technology/top-5-security-threats-2016/

    1. More online extortion using ransomware

    2. More Internet of Things (IoT) attacks

    3. More hacktivist activity with strategic campaigns

    4. More stealth techniques to hide evidence of threat actor attacks

    5. More health record-related data breaches perpetrated by insiders.

    DK Pruitt

  8. ‘Unprecedented’ cyberattack hits 200K in 150 countries

    Friday’s cyber attack hit 200,000 victims in at least 150 countries, the head of the European Union’s police agency said on Sunday, adding he feared that number would grow when people return to work on Monday.

    http://www.msn.com/en-us/news/technology/monday-morning-blues-as-wannacry-hits-at-workweeks-start/ar-BBB8zqS?OCID=ansmsnnews11

    Europol Director Rob Wainwright told ITV’s Peston on Sunday that what was unique about the attack was that the ransomware was used in combination with “a worm functionality” so the infection spread automatically.

    CNBC
