Healthcare hackers and complex regulations

Despite a slight downward trend over the past couple of years, the number of breaches targeting the healthcare industry is still higher than it was pre-pandemic. Hackers are carrying out more sophisticated, flexible breaches that also impact more individuals in total (an increase of 35% to reach 28 million in the second half of 2022).

Hospitals continue to be an obvious target, but in their perpetual quest to find the easiest route in, hackers have taken to attacking third-party vendors as the weak link in the supply chain: this means billing companies, lawyers, and especially medical device manufacturers. Securing medical devices remains a top priority for hospitals, since that is where bad actors can find easy access points into networks holding all the juicy data. Since medical devices are used to store and share protected health information (PHI), they must also adhere to HIPAA compliance standards.

Likewise, Electronic Health Records (EHR) have always been a critical component of a medical institution’s operations, and cyber criminals these days are targeting EHR systems with greater aggression. Around 6 million records were exposed through hacker efforts. Nearly 150,000 people also had their information compromised through unauthorized disclosure. Hacking itself accounts for 79% of all data security incidents, according to Help Net Security. Ultimately, business associate breaches accounted for 48% of healthcare breaches in the second half of the year.

The numbers paint a picture of cyber criminals looking to target “smaller entities with weaker cyber defenses,” training their sights on organizations that will yield more reward in exchange for fewer total breaches.

Their actions continue to drive regulatory initiatives, as well. Through all of its data breach investigations, the Department of Health and Human Services’ Office for Civil Rights (OCR) remains resolute that “there is a continued need for regulated entities to improve compliance with the HIPAA Rules.” Among the remedial actions it recommends for larger breaches, revising policies and procedures, training staff who specifically handle PHI, and data encryption are especially notable.

To prevent the OCR corrective hammer stroke, NetLib Security’s Encryptionizer software can take care of the last of these, data encryption. By securing your sensitive data behind transparent database encryption, Encryptionizer can assist with compliance and keep you abreast of evolving standards, while simultaneously providing real defense from persistent hackers. Don’t become one of the next 28 million.


By: Jonathan Weicher, posted on February 23, 2023
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security