Knowledge is the best attack deterrent, so check out our cyber security updates
24By7Security, Inc.

Healthcare Cybersecurity Biweekly Newsletter - May 24th, 2017

HIPAA enforcement trends – What is OCR doing?

Iliana Peters recently provided a thorough update of HIPAA enforcement trends as well as a road map to OCR’s current and future endeavors. Iliana is an attorney and senior advisor for HIPAA compliance and enforcement at the US Department of Health and Human Services (HHS) Office for Civil Rights. She addressed a wide range of compliance issues at the Annual Compliance Institute hosted by the Health Care Compliance Association in Washington, D.C.

  • Ransomware attacks will constitute a breach unless there is substantial evidence to the contrary. HIPAA-regulated covered entities and their business associates will now be responsible for following specific guidance laid out by the OCR in the event of a ransomware attack. It’s no longer enough to be defensive – healthcare organizations must be proactive.
  • Cloud providers are generally BAs. A covered entity will have to understand what the risk to its data is in that type of solution. BAs and cloud computing vendors will be liable when there is no compliance with the HIPAA Rule.

New Jersey Healthcare Providers Suffer EHR Security Breaches

Two healthcare organizations have uncovered evidence of data security breaches involving patient EHRs in recent weeks. 

  1. A third-party server hosting the electronic health record database of the New Jersey Diamond Institute for Infertility and Menopause was hacked and access was gained by an unauthorized individual. The EHR system was encrypted, so the attackers were unable to access patient health records, although many unencrypted supporting documents were also stored on the server and may have been accessed. The documents were found to contain a limited amount of protected health information relating to more than 14,000 patients.
  2. Another breach was reported at True Health Diagnostics. The failure to implement appropriate safeguards on web-based applications resulted in unauthorized disclosures of patients' PHI. A flaw in the web portal allowed patients to access not only their own test results, but also the test results and PHI of other patients.

Americans are more likely to pay digital ransoms after cyberattacks

When Americans are targeted by cybercriminals, they’re more likely to capitulate to paying a ransom. Hundreds of thousands of the world’s computers were targeted by a hacking attack recently, in what experts are calling the most massive warning yet for companies and consumers to improve their security practices. But recent data, which was released in the weeks before this latest cyberattack, suggested that Americans are more likely to pay digital ransoms. In 2016, 64% of Americans were willing to pay digital ransom demands, according to a report released last month by cybersecurity company Symantec—the highest of any country in the world. Globally, only 34% of people are willing to pay a ransom.


93,000 patient records exposed by Pennsylvania provider

Pennsylvania-based Harrisburg Gastroenterology reported a breach, saying that suspicious system activity triggered the discovery that an unauthorized person could have accessed patient data. 93,323 Harrisburg Gastroenterology patients have been impacted. The breach reports submitted to the Department of Health and Human Services’ Office for Civil Rights show this to be one of the largest potential data breaches of 2017.


Upcoming Events!

What Infragard can do for You and Your Company - June 7 @ 8:30 am - June 23 @ 12:00 pm

Sanjay Deo, President of 24By7Security, is a sector chief of technology for the Infragard South Florida chapter, and 24By7Security is sponsoring this informative event at Nova Southeastern University.

ISSA 2017 International Conference - Oct 9 - 11, 2017

Michael Brown of 24By7Security, Inc. will be speaking on Cyber Resilience at the ISSA 2017 International Conference being hosted at the Sheraton Hotel and Marina in San Diego, California.

Data Connectors Fort Lauderdale Tech-Security Conference - Dec 14, 2017

24By7Security is pleased to sponsor the Data Connectors Fort Lauderdale Tech-Security Conference at Fort Lauderdale, Florida.

About us

24By7Security, Inc. is a full-service cybersecurity strategy, implementation, operations and training firm. We provide cybersecurity and compliance-related services across all functions of the enterprise. Our services include CFPB/DFA, FIPA, FERPA, GLBA, HIPAA, PCI, SOX, and others.

24By7Security, Inc.

4613 N. University Drive, Suite #267

Coral Springs, Fl - 33067

(844) 55-CYBER