With an average of 60 data breaches per month and around 43 million patient records stolen in 2022, it’s not a matter of if but when your personal health information will be for sale on the dark web if you and your health providers don’t take the necessary precautions.
Welcome to CyberHygiene, our weekly newsletter, where we share tips and actionable data to help everyone stay safe online.
First time seeing this? Please subscribe.
The healthcare industry is becoming increasingly reliant on technology, with electronic health records, telemedicine, and wearable devices all playing a significant role in the delivery of care. However, with this increased reliance on technology comes an increased risk of cyber attacks. In recent years, there have been numerous instances of healthcare data breaches, with sensitive patient information being exposed to hackers.
One of the main reasons that the healthcare industry is a target for cyber attacks is the vast amount of valuable data it holds. Patient health records contain a wealth of personal information, including names, addresses, social security numbers, and medical histories, all of which can be used for identity theft or sold on the black market. Additionally, healthcare organizations often have access to large amounts of financial data, such as insurance information and billing records, making them attractive targets for cybercriminals looking to make a profit.
- 1) Why should both individuals and healthcare institutions care about cybersecurity?
- 2) What are the top healthcare security threats for individuals?
- 3) How to protect your health data?
- 4) What are the laws and regulations available in the US to protect patient health data?
- 5) How to report HIPAA violation?
- 6) What resources are available to help protect health data?
1. Why should both individuals and healthcare institutions care about cybersecurity?
Health information is highly sensitive and personal, and it is important to protect it from unauthorized access or disclosure.
- Personal information:
Both individuals and healthcare institutions handle sensitive personal information, such as social security numbers, medical records, and financial data. If this information is compromised, it can lead to identity theft, financial loss, and damage to one’s reputation.
- Loss of trust:
Healthcare institutions hold a position of trust in society, and a cybersecurity breach can undermine that trust. Patients may lose confidence in the institution’s ability to protect their personal information and may choose to seek care elsewhere.
- Financial consequences:
A cybersecurity breach can have significant financial consequences for both individuals and healthcare institutions. In addition to the direct costs of remedying the breach and compensating victims, there may also be indirect costs such as loss of business and damage to the institution’s reputation.
- Legal liabilities:
Healthcare institutions are subject to a variety of laws and regulations related to the protection of personal information, and a cybersecurity breach can lead to legal liabilities, fines, and sanctions.
2. What are the top healthcare security threats for individuals?
- Phishing attacks:
These are fraudulent email messages that appear to be from a legitimate source, such as a healthcare provider or insurance company. The goal of a phishing attack is to trick the recipient into revealing sensitive information, such as login credentials or financial data.
This is software that is designed to damage or disrupt computer systems. In the healthcare industry, malware can be used to steal sensitive patient information or disrupt critical systems, such as hospital equipment.
This is a type of malware that encrypts a victim’s files and demands a ransom from the victim to restore access. In the healthcare industry, ransomware attacks can have serious consequences, as they can disrupt the delivery of essential medical care.
- Insider threats:
These are threats that come from within an organization, such as a healthcare provider. Insider threats can include employees who access or disclose sensitive patient information without authorization, or who intentionally disrupt systems.
- Physical security breaches:
These are threats to the physical security of a healthcare facility, such as the theft of a laptop or unauthorized access to patient records.
3. How to protect your health data?
4. What are the laws and regulations available in the US to protect patient health data?
- Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal law that regulates the use and disclosure of protected health information (PHI) by covered entities, which include healthcare providers, health plans, and healthcare clearinghouses.
- Health Information Technology for Economic and Clinical Health (HITECH) Act
The HITECH Act expands the penalties for HIPAA violations and requires covered entities and their business associates to report certain data breaches to the Department of Health and Human Services (HHS) and, in some cases, to affected individuals.
- Genetic Information Nondiscrimination Act (GINA)
GINA prohibits discrimination on the basis of genetic information in employment and health insurance
- Children’s Online Privacy Protection Act (COPPA)
COPPA regulates the collection of personal information from children under the age of 13.
5. How to report a HIPAA violation?
6. What resources are available to help protect health data?
- Cybersecurity for eHealth: A Simplified Guide to Practical Cybersecurity for Non-Technical Healthcare Stakeholders & Practitioners by Emmanuel Ogu
- Do No Harm: Protecting Connected Medical Devices, Healthcare, and Data from Hackers and Adversarial Nation States by Matthew Webster
- Stop The Cyber Bleeding: What Healthcare Executives and Board Members Must Know About Enterprise Cyber Risk Management by Bob Chaput
2) Courses & Certifications
- Cybersecurity in Healthcare by Erasmus University
- HIPAA Compliance Training for Cyber Security Awareness by SANS Security Awareness
- HealthCare Information Security and Privacy Practitioner (HCISPP) by (ISC)²
- Top 10 Health Technology Hazards for 2022 by ECRI
- Healthcare Email Security Gap by FireEye
- CODE TRIAGE: Protecting Vulnerable Healthcare Data from Security Attacks by FireEye
- AAFP Advocacy Focus: Patient Privacy (HIPAA)
- Healthcare.gov, For Individuals: Answers to common questions about patient privacy.
- HealthIT.gov, Health Information Privacy Law and Policy: An overview of patient choice, opt-in policies, patient consent laws, and more.
- HHS.gov, Department of Health and Human Services, The HIPAA Privacy Rule: A definition and history of the Privacy Rule.
- Rural Health Information Hub, Patient Privacy: How the Privacy Rule applies to rural health
- The CyberPHIx: Meditology Services Podcast by Brian Selfridge
- HIPAA Compliance & Healthcare Cybersecurity by The Legal Babe
- Cybersecurity in Healthcare by ACIF / Chase Parsons with Nathan Yung, Ammar Mandvi and Meera Subash
6) TV Shows
- The Good Doctor (Season 4 Episode 10: Decrypt)
- Grey’s Anatomy (Season 14 Episode 8: Out of Nowhere)
- Chicago Med (Season 2 episode 19)
- FBI (Season 4 Episode 2: Hacktivist)
7) Review of the book “Healthcare Email Dangers” by Patrick Domingues
CyberReview by Sofia C. V.
Get the book here.
For more content about cybersecurity in healthcare, visit:
Subscribe and Comment.
Copyright © 2022 CyberMaterial. All Rights Reserved.