Healthcare Cyber Attacks went up almost 90% in 2017

By Aris Medical Solutions

There were 132 reported breaches under investigation from Health and Human Services’ (HHS) Office for Civil Rights (OCR) in 2017 related to Hacking/IT Incident. As you review the report you can see how many were related to email and desktop computers.

Click here to see a list of current data breaches: OCR breach portal

So how does this happen? More than likely it has been caused by an unsuspecting employee. Healthcare is typically targeted with ransomware through social engineering. Practices need to be vigilant in educating their staff to be extremely careful when it comes to clicking on emails or surfing the web with their work computers. That is why we always recommend work computers be used exclusively for work. Plus, personal email addresses should never be utilized to communicate with patients or vendors for a number of reasons, this being just one!

There were many server attacks as well. This can happen in the same manner, especially when someone is logged in with administrative rights when they should be logged in as a user instead.

When it comes to cloud storage or cloud based EHRs, these too can be hacked although it is not as common. Most of the time this is caused by a misconfiguration in the network.

What can you do to prevent this from happening to you?

First of all, conduct a full HIPAA Security Risk Analysis, you need to know where your data is in order to create a Risk Management Plan to protect your organization.
Secondly, continual education on new threats to inform your employees how to be diligent.
Most of all, make sure your IT professional is a network security specialist. Doing your own network security is not longer an option, you must utilize a professional to ensure your network is secure. This includes your websites and cloud services.

For more information on how Aris Medical Solutions can help your organization with HIPAA Compliance and Protecting your Data call 877.659.2467 or click here to contact us.

“Protecting Organizations through Automation, Education, and Support”

About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

Two factor vs Two Step Authentications

January 20, 2018

Updating your Contingency Plan

March 25, 2018
©2024 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC