2021 Healthcare Breaches – Tampa, Florida

Tampa, Florida, 2021-12-07 14:35:42

A prosperous year for hackers

More than 550 organizations reported medical data breaches to HHS in 2021, affecting more than 40 million individuals. Potential fines can be staggering, and the government is looking for every dime it can get, so expect exactly that.

Under the HITECH Act and HIPAA, covered entities must report breaches of unsecured protected health information (PHI) affecting 500 or more individuals to the HHS Office for Civil Rights (OCR). Reporting is mandatory, and a business associate that suffers a breach must notify the covered entity so that it can report. These breach reports are public information and are posted on the HHS breach portal, better known as the HIPAA "Wall of Shame" (https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf).

What can my company do?

The 10 largest medical data breaches reported in 2021 (ranked by number of affected individuals) were all classified as hacking/IT incidents. Medical institutions need to adapt and prepare for cyberattacks and data breaches by building strong, layered cyber defenses.

  • Education: People are often the weakest link in the security chain. Give your staff the best chance to recognize spear-phishing, credential-harvesting sites, and the other threats aimed at your organization. It may be the most important security investment you make.
  • Third-party risk assessment: The HHS Security Risk Assessment (SRA) tool that many practices rely on falls short when it comes to technical risk: it is generic and does not address the specific risks an individual practice faces. If your organization does not have an internal security team, have an outside firm that understands cyber risk perform an annual assessment. Remember that you cannot protect against risks you do not know you have.
  • Technical safeguards: There are a number of technical safeguards an organization should put in place to protect itself from attacks and to limit the blast radius when one succeeds. The best approach is to layer multiple safeguards so that when a single measure is breached, another one catches the attacker. Running antivirus on your workstations alone does not provide the protection you need. Tell us what you are doing today and we will show you how to make it stronger.
  • Cyber incident response plan: What happens when an attack occurs? If you wait until an incident is under way to plan, it is too late to avoid serious pain and confusion. With an incident response plan in place, you can limit the damage and get your organization back up and running as quickly as possible.

Selected 2021 lowlights

Florida Healthy Kids Corporation: 3,500,000 records exposed

Health plan Florida Healthy Kids Corporation reported the largest medical data breach of 2021 on January 29. The breach affected 3.5 million people. Florida Healthy Kids Corporation said it was notified of the incident on December 9, 2020. Social Security numbers, dates of birth, names, addresses, and financial information could have been accessed by threat actors during the cyberattack.

Investigation of the attack revealed that the health insurance website, maintained by business associate Jelly Bean Communications Design, had a serious security vulnerability that had gone unaddressed. Remember that your business associates' cybersecurity problems are also your responsibility. Have you evaluated the security posture of every BA that handles your data?

20/20 Eye Care Network: 3,253,822 records exposed

Florida-based 20/20 Eye Care Network reported a medical data breach to HHS on May 24. 20/20 discovered suspicious activity in its Amazon Web Services (AWS) cloud environment on January 11, 2021.

20/20 notified the FBI shortly after deactivating and resetting the access credentials involved. A cybercriminal had gained access to the provider's AWS cloud environment; some information was accessed and, in some cases, deleted.

Cloud services can improve your cyber defense posture, but they are by no means a silver bullet when it comes to security (or responsibility: under the cloud shared responsibility model, protecting your credentials and your data is on you, not the provider). Access credentials can be stolen by keylogging malware or a credential-harvesting website, then used directly or sold on to other criminals, and your PHI is open to the world. Long-lived access keys with broad permissions make the damage worse; short-lived credentials, multi-factor authentication, least-privilege policies, and logging of every API call (CloudTrail in AWS) are the minimum, because without the logs you cannot even tell what was accessed or deleted.
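What "detect a stolen key" looks like in practice, as an added example that is not code from the original article, from Alaris, or from 20/20 Eye Care Network: the script below reads a CloudTrail log and compares every API call against a hypothetical baseline of known access keys and trusted source networks. The key IDs are AWS's documented placeholder values, the network ranges are RFC 5737 test addresses, and the CloudTrail records are constructed for the illustration.

```python
"""Spot a stolen AWS access key being used, from CloudTrail records.

Added example; not code from the original article, from Alaris, or from
20/20 Eye Care Network. It compares every API call in a CloudTrail log
against a hypothetical baseline (known access keys, trusted source
networks) and flags the patterns a stolen key produces: an unrecognised
key, a known key used from an untrusted network, or destructive S3 calls.
"""
import ipaddress
import json
from collections import Counter

# Hypothetical baseline. AKIAIOSFODNN7EXAMPLE is AWS's own documented
# placeholder key; 203.0.113.0/24 (TEST-NET-3) stands in for the office range.
KNOWN_KEYS = {"AKIAIOSFODNN7EXAMPLE": "backup-service"}
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]
DESTRUCTIVE = {"DeleteObject", "DeleteObjects", "DeleteBucket",
               "DeleteBucketPolicy", "PutBucketPolicy", "PutBucketAcl"}

# Constructed CloudTrail log: one legitimate call, then the same key used
# from an unknown address (198.51.100.7, TEST-NET-2) to read and wipe data,
# then a second key the baseline has never seen creating an IAM user.
SAMPLE_TRAIL = json.dumps({"Records": [
    {"eventID": "e1", "eventTime": "2021-01-10T02:14:09Z",
     "eventSource": "s3.amazonaws.com", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.20",
     "userIdentity": {"type": "IAMUser", "userName": "backup-service",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventID": "e2", "eventTime": "2021-01-11T03:40:51Z",
     "eventSource": "s3.amazonaws.com", "eventName": "GetObject",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup-service",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventID": "e3", "eventTime": "2021-01-11T03:41:02Z",
     "eventSource": "s3.amazonaws.com", "eventName": "DeleteObject",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup-service",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventID": "e4", "eventTime": "2021-01-11T03:41:30Z",
     "eventSource": "s3.amazonaws.com", "eventName": "DeleteBucket",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup-service",
                      "accessKeyId": "AKIAIOSFODNN7EXAMPLE"}},
    {"eventID": "e5", "eventTime": "2021-01-11T03:45:00Z",
     "eventSource": "iam.amazonaws.com", "eventName": "CreateUser",
     "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "admin",
                      "accessKeyId": "AKIAI44QH8DHBEXAMPLE"}},
]})


def load_trail(text):
    """CloudTrail delivers a JSON object whose 'Records' list holds the events."""
    return json.loads(text)["Records"]


def trusted_source(addr):
    """True for an address inside a trusted CIDR, or for an AWS service
    principal, which CloudTrail records as a hostname such as 's3.amazonaws.com'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return addr.endswith(".amazonaws.com")
    return any(ip in net for net in TRUSTED_NETS)


def analyze(records):
    """Return one finding per suspicious record: eventID, key, and the reasons."""
    findings = []
    for rec in records:
        key = rec.get("userIdentity", {}).get("accessKeyId", "")
        src = rec.get("sourceIPAddress", "")
        name = rec.get("eventName", "")
        reasons = []
        if key and key not in KNOWN_KEYS:
            reasons.append("unknown access key")
        if not trusted_source(src):
            reasons.append("untrusted source IP " + src)
        if name in DESTRUCTIVE:
            reasons.append("destructive call " + name)
        if reasons:
            findings.append({"eventID": rec["eventID"], "key": key, "reasons": reasons})
    return findings


def destructive_calls_per_key(records):
    """Count destructive calls per key: a burst from one key is the wipe signature."""
    return Counter(r.get("userIdentity", {}).get("accessKeyId", "")
                   for r in records if r.get("eventName") in DESTRUCTIVE)


if __name__ == "__main__":
    recs = load_trail(SAMPLE_TRAIL)
    for f in analyze(recs):
        print(f["eventID"], f["key"], "; ".join(f["reasons"]))
    print(dict(destructive_calls_per_key(recs)))
```

Record e1 produces no finding; the key that is legitimate there is the same one behind e2 through e4, which is exactly what a stolen key looks like. The finding list names the keys to deactivate and reset, which is the step the 20/20 report describes, and the per-key count of destructive calls is the first figure an incident responder needs to scope what was deleted.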

CaptureRx: 1,656,569 records exposed

You have probably heard the phrase "size doesn't matter"; in cybersecurity, it often does not. CaptureRx is an IT services organization that helps healthcare organizations manage their 340B pharmaceutical programs, and it is part of the NEC Network. The business associate suffered a medical data breach in February that affected more than 1.6 million people and 16 medical institutions.

NEC is a Japanese technology conglomerate with annual sales of $25 billion. Just because a business associate is a large company does not mean it is immune to cyber breaches.

St. Joseph / Candler Health System: 1,400,000 records exposed

The EHR system at St. Joseph / Candler (SJ/C) Health System in Savannah, Georgia was completely shut down by a ransomware attack on June 17. Forensic investigation of the attack revealed that the initial breach occurred on December 18, 2020: the attacker had been inside the network for six months before launching the malware in a coordinated attack.

With no access to the hospital system's computers and communication systems, clinicians had to record clinical notes with pen and paper. According to staff, "It wasn't a simple software glitch or a temporary power outage. Instead, it was a complete loss of information technology."

"Everything from the electronic medical record[s] (EMR) used to document encounters, to the lab, radiology, and billing software, went down. Even the phones, set up as Voice Over Internet Protocol (VOIP) devices, stopped working. All of St. Joseph / Candler's normal patient encounter protocols were quickly disabled. The hospital system was, in essence, flying blind."

For St. Joseph / Candler, the cost is not just lost revenue during the attack, damage to its reputation, or even the fine that will inevitably come from the government. There are currently two class actions pending against the health system, and more may be on the way.

Does your layered cybersecurity approach include proper network segmentation to limit how far an attacker can move once inside? Are you monitoring your internal network for devices that should not be communicating with each other? Six months of dwell time, as in the SJ/C case, is six months of east-west traffic that a segmentation policy and a monitor would have flagged. Call Alaris to discuss network monitoring.
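A minimal segmentation monitor, as an added example that is not code from the original article or from Alaris: it assigns hosts to zones by address, checks every cross-zone flow against an allow-list, and separately looks for one host fanning out to many others on the ports ransomware operators use to spread. The zones, the allow-list, the port choices and the flow log are all constructed for the illustration; a real deployment would feed it NetFlow/IPFIX or firewall logs.

```python
"""Flag east-west traffic that breaks a network segmentation policy.

Added example; not code from the original article or from Alaris. The
zones, the allow-list and the flow records are all constructed for the
illustration; a real deployment would feed it NetFlow/IPFIX or firewall
logs instead of the inline sample.
"""
import ipaddress
from collections import defaultdict

# Hypothetical zones (RFC 1918 ranges chosen for the example).
ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "ehr-servers": ipaddress.ip_network("10.20.0.0/24"),
    "med-devices": ipaddress.ip_network("10.30.0.0/24"),
    "mgmt": ipaddress.ip_network("10.99.0.0/24"),
}

# Allow-list: (source zone, destination zone) -> permitted destination TCP ports.
# Any cross-zone flow not listed here is a violation. Same-zone traffic is
# left to host firewalls and is not judged by this policy.
POLICY = {
    ("workstations", "ehr-servers"): {443},
    ("mgmt", "ehr-servers"): {22, 3389},
    ("mgmt", "med-devices"): {22},
    ("mgmt", "workstations"): {3389, 5985},
    ("ehr-servers", "med-devices"): {2575},  # HL7 over MLLP
}

# Ports an intruder uses to spread between Windows hosts: SMB, RDP, WinRM, RPC.
LATERAL_PORTS = {445, 3389, 5985, 5986, 135}

# Constructed flow log, one "timestamp src dst dport" record per line;
# text after '#' is ignored. Workstation 10.10.4.21 is the compromised host.
SAMPLE_FLOWS = """
2021-06-17T01:02:03Z 10.99.0.2   10.20.0.5  3389   # admin RDP from mgmt: allowed
2021-06-17T01:02:09Z 10.10.4.21  10.20.0.5  443    # workstation to EHR web: allowed
2021-06-17T01:05:00Z 10.10.4.21  10.20.0.5  445    # SMB to EHR server: violation
2021-06-17T01:05:01Z 10.10.4.21  10.20.0.6  445    # violation
2021-06-17T01:05:02Z 10.10.4.21  10.20.0.7  445    # violation
2021-06-17T01:05:03Z 10.10.4.21  10.30.0.9  3389   # RDP to a medical device: violation
2021-06-17T01:06:00Z 10.20.0.5   10.30.0.9  2575   # HL7 feed: allowed
2021-06-17T01:07:00Z 10.10.4.21  10.10.4.22 445    # same zone: not judged, but counts for fan-out
"""


def zone_of(ip):
    """Name of the zone containing ip, or 'unknown' if it is in no zone."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def parse_flows(text):
    """Parse the constructed flow-log format into dicts, skipping comments and blanks."""
    flows = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if not fields:
            continue
        ts, src, dst, dport = fields
        flows.append({"ts": ts, "src": src, "dst": dst, "dport": int(dport)})
    return flows


def violations(flows):
    """Cross-zone flows on a port the policy does not allow, in log order."""
    out = []
    for f in flows:
        s, d = zone_of(f["src"]), zone_of(f["dst"])
        if s == d:
            continue
        if f["dport"] not in POLICY.get((s, d), set()):
            out.append((f["src"], s, f["dst"], d, f["dport"]))
    return out


def fan_out(flows, threshold=3):
    """Sources touching at least `threshold` distinct hosts on lateral-movement
    ports, allowed or not: the spreading pattern that precedes a ransomware detonation."""
    targets = defaultdict(set)
    for f in flows:
        if f["dport"] in LATERAL_PORTS:
            targets[f["src"]].add(f["dst"])
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) >= threshold}


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for v in violations(flows):
        print("VIOLATION %s (%s) -> %s (%s) port %d" % v)
    for src, dsts in fan_out(flows).items():
        print("FAN-OUT %s reached %d hosts on lateral ports" % (src, len(dsts)))
```

The two checks are deliberately independent. The policy check only fires on flows that should have been blocked, so it also doubles as an audit of whether the firewall between zones is actually enforcing the design. The fan-out check ignores the policy and counts only behaviour, which is what catches a compromised workstation probing its own zone, where no cross-zone rule applies.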

For more information related to this article contact@alaristmc.com
