Tag: Cyber Security
What is the Security Rule Anyway?
The Security Rule specifically sets out to ensure the “confidentiality, integrity, and availability” of electronic protected health information (ePHI). What does that mean?
• Confidentiality: ePHI is not available or disclosed to unauthorized persons.
• Integrity: ePHI is not altered or destroyed in an unauthorized manner.
• Availability: ePHI is accessible and usable on demand by an authorized person.
Security Training Tips for Frontline Employees
The shift towards digital solutions has had a profound impact and benefit. However, it has also introduced new challenges, particularly concerning security, which is why your frontline employees need to be properly trained to ensure your business and customers are protected.
As frontline sectors continue to embrace technology, the dependency on digital tools and platforms grows. Employees now rely on various devices and software to perform their duties, from processing transactions and managing customer interactions to accessing sensitive information. Point-of-sale systems, digital customer service platforms, electronic health records, and mobile apps are now standard tools in these environments.
The Importance of Security Training for Frontline Workers
Frontline workers extend beyond emergency responders. It’s an encompassing term for individuals who are the first point of contact between a company and its customers. They may handle sensitive information, greet patrons as they enter facilities, or provide direct support when needed.
Why is frontline training so vital?
- Direct Customer Interaction
- Protecting Sensitive Information
- Identifying Threats
- Compliance with Regulations
- Building Customer Trust
For additional help and tips, visit Vector Security’s Security Blog.
FBI and HHS release Joint Cybersecurity Advisory
The Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory (CSA) to share known indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with a social engineering campaign. The campaign focuses on healthcare, public health entities, and providers, recognizing healthcare organizations as prime targets for hackers due to their large scale, reliance on technology, access to personal health information, and the significant consequences of disruptions in patient care. ~Ann Ribeiro, Industrial Cyber News Editor
Physicians Can Delegate Breach Notifications to Change Healthcare
However, this delegation is only allowable if Change Healthcare or UHC are business associates of the covered entity. OCR made clear that the ultimate responsibility for ensuring such notifications occur remains with the covered entity, meaning physicians may still need to provide breach notifications under those circumstances.
FTC Mandates Vendors Notify Patients of Breaches
The Federal Trade Commission (FTC) has amended its Health Breach Notification Rule to require vendors of personal health records (PHR) and related entities not covered by HIPAA to notify individuals, the FTC, and, at times, the media, when a breach in protected health information (PHI) occurs. The change will take effect July 29.
Physicians do not have to notify patients if their PHI is leaked via a PHR vendor that is not a business associate of the physician. That responsibility falls to the vendors themselves.
Notice of Data Breach Update
Texas physician practices and other health care facilities soon will be required to give more timely and public notice of any breaches of computerized data, including electronic health records (EHRs) and billing information.
During the 2023 regular legislative session, state lawmakers passed Senate Bill 768 by Sen. Tan Parker (R-Flower Mound), which takes effect Sept. 1. The law requires anyone doing business in Texas to notify the state attorney general of computer security breaches involving the sensitive, personal information of at least 250 individuals as soon as possible, and not later than 30 days after discovery, down from 60 days.
2022 Tech Trends from Iconic IT
The pandemic has sped everything up.
Here’s some of the big trends Iconic believes you’ll be seeing a lot more of in 2022:
1. Companies will invest more in cybersecurity insurance than ever before.
2. Cloud-based desktop software like Microsoft’s Cloud PC will grow in popularity.
3. Companies of all sizes will rely on SIEM cybersecurity defenses.
4. Mobile devices will become a bigger target for hackers.
With more employees than ever working remotely, they’re more likely to use poorly protected cell phones and computers on unsecured Wi-Fi. According to Digital Information World, 40 percent of mobile phones are prone to attack and in need of better authentication and cybersecurity software.
5. AI-enabled cybersecurity software will help companies mitigate threats on their networks and on Internet of Things devices.
Ransomware Threat Targeting HealthCare Providers. 11/09/2020
You can’t afford to continue to look the other way.
SOME GREAT TIPS TO SHARE WITH YOUR STAFF.
Ransomware Threat Targeting Health Care (PDF): https://community.poetllc.org/wp-content/uploads/2020/11/Ransomware-Threat-Targeting-Health-Care-11062020.pdf
HEIGHTENED RANSOMWARE THREAT: ACTION STEPS
MGMA members: the federal government has announced a heightened risk of malware/ransomware attacks on the healthcare industry, including physician practices and inpatient facilities. We wanted to identify some actions you can take to reduce your risk, and resources to assist you.
Actions to reduce your risk:
- Discuss the issue of cybersecurity with your IT/website vendor and have them block the known malicious domains and addresses used by the malware (reference the IOC list below)
- Have your IT/website vendor use endpoint detection on servers and workstations to monitor for changes in installed applications and running services
- Have your IT/website vendor monitor all new account creations. Especially critical are those with administrator access
- Have your IT/website vendor confirm that your data backup systems are in place and working effectively (a backup that has never been test-restored is unverified). Remember that offsite data storage is preferable, so that an attacker who reaches your network cannot also encrypt your backups
- Ensure your practice’s business continuity and disaster recovery plans are up-to-date and readily available
- Discuss the heightened threat with your administrative and clinical staff and the increased need to stay highly vigilant during this time
- Consider instituting a practice-wide policy prohibiting staff use of personal email accounts as a method to decrease your risk
- Remind staff not to open emails and/or attachments from unknown senders (and even be cautious with attachments from recognized senders)
- Encourage staff to inform you regarding any suspicious email or cyber incident
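The two monitoring steps above (blocking known IOCs and watching new account creations, especially ones that gain administrator access) are the kind of thing an IT vendor can automate. The script below is an added example written for this page, not MGMA’s or the advisory’s own tooling, and every IOC, hostname and log line in it is constructed for illustration: the domains and addresses are reserved documentation ranges, not real indicators from the referenced IOC list. It assumes a plain-text IOC list (one domain or IP/CIDR per line) and log lines in a simple space-separated "key=value" format, which is a hypothetical layout chosen so the example runs offline.

```python
"""Triage helper for two of the MGMA ransomware action steps.

1. IOC matching: proxy/DNS log lines are checked against a blocklist of
   domains and IP networks (the list an IT vendor would also load into a
   firewall or DNS filter).
2. Account monitoring: Windows-style security events are scanned for new
   account creation (event ID 4720) and additions to the local
   Administrators group (event ID 4732).

All IOCs and log lines below are CONSTRUCTED for illustration; they are
not taken from the advisory's IOC list.
"""
import ipaddress
import re

# Constructed IOC list (hypothetical; uses reserved documentation ranges).
IOC_LIST = """
# blank lines and comments are ignored
bad-updates.example.net
203.0.113.45
198.51.100.0/24
"""

# Constructed proxy log: "<time> <source ip> <destination host or ip> <method> <path>"
PROXY_LOG = """
2020-11-06T08:01:13 10.0.5.23 portal.example-ehr.com GET /login
2020-11-06T08:03:40 10.0.5.23 cdn.bad-updates.example.net GET /update.bin
2020-11-06T08:05:02 10.0.5.31 203.0.113.45 POST /gate.php
2020-11-06T08:06:15 10.0.5.31 198.51.100.77 GET /
2020-11-06T08:07:00 10.0.5.40 www.example.org GET /
"""

# Constructed security events (raw string because of the backslashes in account names).
ACCOUNT_LOG = r"""
2020-11-06T09:12:01 EventID=4720 Subject=CORP\jsmith Target=CORP\svc_backup2
2020-11-06T09:12:05 EventID=4732 Subject=CORP\jsmith Member=CORP\svc_backup2 Group=Administrators
2020-11-06T10:30:44 EventID=4624 Subject=CORP\nurse01 LogonType=2
2020-11-06T11:02:10 EventID=4732 Subject=CORP\itadmin Member=CORP\helpdesk Group=Administrators
"""


def load_iocs(text):
    """Split a plain-text IOC list into (domain set, list of ip_network objects)."""
    domains, networks = set(), []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            # A bare address becomes a /32 (or /128) network, so one check covers both.
            networks.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            domains.add(line.lower().rstrip("."))
    return domains, networks


def domain_matches(host, domains):
    """True if host is an IOC domain or any subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def ip_matches(addr, networks):
    """True if addr is an IP address inside any IOC network."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in networks)


def scan_proxy_log(log_text, domains, networks):
    """Return (timestamp, source, destination) for every line whose destination hits an IOC."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        ts, src, dest = parts[0], parts[1], parts[2]
        if domain_matches(dest, domains) or ip_matches(dest, networks):
            hits.append((ts, src, dest))
    return hits


EVENT_RE = re.compile(r"^(?P<ts>\S+)\s+EventID=(?P<id>\d+)\s+(?P<rest>.*)$")


def parse_event(line):
    """Parse one 'key=value' event line into a dict, or None if it does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    fields["ts"] = m.group("ts")
    fields["id"] = int(m.group("id"))
    return fields


def review_account_events(log_text):
    """Return (alert, timestamp, account, actor) tuples for new accounts and admin additions."""
    created, alerts = set(), []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["id"] == 4720:  # account created
            created.add(ev["Target"])
            alerts.append(("NEW_ACCOUNT", ev["ts"], ev["Target"], ev["Subject"]))
        elif ev["id"] == 4732 and ev.get("Group") == "Administrators":
            # A freshly created account that is immediately made admin is the highest-priority case.
            kind = "NEW_ADMIN" if ev["Member"] in created else "ADMIN_ADDED"
            alerts.append((kind, ev["ts"], ev["Member"], ev["Subject"]))
    return alerts


if __name__ == "__main__":
    doms, nets = load_iocs(IOC_LIST)
    for hit in scan_proxy_log(PROXY_LOG, doms, nets):
        print("IOC hit:", *hit)
    for alert in review_account_events(ACCOUNT_LOG):
        print("Account alert:", *alert)
```

Run against the constructed data, the proxy scan flags three lines (a subdomain of an IOC domain, an exact IP match, and an address inside the IOC CIDR) and the account review raises a NEW_ACCOUNT alert followed by a NEW_ADMIN alert for the same account, which is exactly the pattern the action steps tell you to watch for. In production the same logic would be fed from the SIEM or endpoint tool's export rather than embedded strings, and the IOC list would be refreshed from the advisory as it is updated.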
Resources:
HHS Bulletin: us-cert.cisa.gov/sites/default/files/publications/…
IOC List: gist.github.com/aaronst/…
MGMA member-benefit Cybersecurity Action Steps
Robert Tennant MA
Director of Health Information Technology Policy MGMA Government Affairs
Washington DC