One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1497829 |
| Date de publication | 2020-01-07 14:00:00 (vue: 2020-01-07 15:29:29) |
| Titre | Healthcare cybersecurity for 2020 and beyond |
| Texte |
An independent guest blogger wrote this blog.
These days, effective cybersecurity in healthcare is as critical as ever. Last year, more than 32 million patients had their personal and medical information stolen in data breaches across the United States. While moves are being made, the fact remains that healthcare providers still have many holes to plug when it comes to the illegal or accidental outpouring of patient data.
The issue is that current problems need to be solved now before hackers move on to new, more advanced attack strategies. The good news is that there are many methods currently available to mitigate the chances of data leakage if medical professionals are proactive enough to enforce them.
HIPAA on the front lines
When patients visit the doctor, they expect to go to a safe place where their best interests are always the top priority. To foster that confidence, the Health Insurance Portability and Accountability Act was created to protect patient data while also giving the patients control over who can see their information. Along with HIPAA, the Health Information Technology for Economic and Clinical Health (HITECH) Act, encourages medical practices also to ensure that all technology they use is protected to eliminate wrongful data leakage.
Medical records contain an abundance of private information that can be used for any number of malicious means. Full medical records can often go for $1000 on the black market where the addresses, social security numbers, and financial information within can be used to create fake identification or take out large loans that can leave the patient in debt. If a hacker catches wind of a patient’s surgery date, they can even attempt to shut down hospital functions until a ransom is paid, like the $14K one paid by Columbia Surgical Specialists.
For these security reasons and to retain the trust of the patients, proper data security is essential, and it starts on the front lines. Nurse leaders should train their staff on how to retain patient confidentiality properly. When discussing the patients near the front desk, only use first names, and conversations should be had behind a closed door or as quietly as possible. Hard copies of patent data should never be left lying around, and your printer should be set to print pages facing down. The last thing you need is to have security precautions in place but still allow a criminal to simply walk up and take private information out of the office.
Proper record keeping
Because hackers have so much to gain from stealing patient data, proper record-keeping is essential. Per HIPAA, medical records are required to be kept between five to 10 years, based on the state and the patient’s last treatment or discharge. If paperwork is to be discarded, it must be properly shredded. If you keep paper records, they must be stored in locked cabinet |
| Envoyé | Oui |
| Condensat | $1000 $14k 000 100 2020 above abundance access accessible accidental according accountability acknowledgment across act addresses advanced afterthought all allow allure along also always antivirus any are around assist associate attachments attack attempt authorized available aware based because becomes been before beginning begins behind being best between beyond black block blockchain blocks blog blogger brazenly breaches brings but cabinets can cannot catch catches chain chances choosing clinical closed columbia comes coming computer confidence confidentiality connects contain contains control conversations copies could create created criminal critical current currently cyber cybersecurity data databases date days debt deeper deleted department departments desk device difference discarded discharge discussing dive docs doctor doctor’s doctors docusign door doorway down easier economic effective electronic eliminate emails employee employees encourages encrypted enforce enough ensure equipment error essential establishments even ever every expect facing fact fake fashion financial first five force form foster from front full functions gain get giving good google grab growing guarantee guest hacker hackers had hard has have having health healthcare here hipaa hitech hold holes horizon hospital hospitals hour how however ideal identification illegal including independent individuals industries infecting information innocent innocently inspected install insurance intent interests issue job jobs just keep keeping kept known laptops large last leaders leakage leave left life like lines links listed loans locked looking losing lying made make malicious malware many market may means medical member methods million mitigate modified more move moves much must names near need network never new news not now number numbers numerous nurse office offices often one only opened out outpouring over own pages paid paper paperwork part parties password patent patient patient’s patients per personal phishing place plug popularity portability possible practices precautions print printer priority privacy private proactive problems process products professionals promising proper properly protect protected protection providers quietly ransom realize reasons record records regain regular remains reports required retain risk saas safe scans security see seemingly segments sent seriously service set shadow should shredded shut simply slowly social software solution solved specialists specific staff start starts state states stealing stolen stored strategies subject such surgery surgical system systems tablets tactic take taking technology than them then these thieves thing thoroughly threat tips top track train transparency treatment trust try understated united unless unreadable until updates use used various version virus visit vital walk way ways websites weekly well what when whenever where who why will wind withdraw within without work would wrongful wrote year years your |
| Tags | Threat Guideline |
| Stories | APT 10 |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.