Why Healthcare Security Matters

guest · Jun 24, 2019

Eyecare Centers Report Data Breach
June 23, 2019
https://invisionmag.com/eyecare-centers-report-data-breach/

JFJ Eyecare Ltd., doing business as Quantum Vision Centers and Eye Surgery Center LLC, announced that some of its systems were accessed by an unauthorized person.
“While there is no evidence that suggests that any data was actually taken, Quantum Vision Centers and Eye Surgery Center have mailed letters to individuals whose information may have been affected,” the company stated in a press release.

The malware encrypted certain files, including on a server that contained patient protected health information. The types of affected data may include first and last name, date of birth, address, social security number and information relating to health insurance coverage.
Quantum Vision Centers and Eye Surgery Center have taken steps including “working diligently to contain the promulgation of the malware, and engaging a third-party forensics firm to investigate the scope and source of the incident.”
Click to expand...

guest · Jun 24, 2019

Leaked video exposes how patient data in Hong Kong public hospitals can be accessed by any user without needing a password
June 19, 2019
https://www.scmp.com/news/hong-kong...deo-exposes-how-patient-data-hong-kong-public

Patient data at Hong Kong’s public hospitals can be accessed by any user with no need for a password, a leaked video shown to the Post and verified by multiple hospital sources has revealed.

Software developer Wong Ho-wa warned the program used in public accident and emergency (A&E) wards called AEIS carried a huge risk and was built with an “intentional back door”, allowing anyone to access patients’ files while leaving no trace.
It meant there was no control over who had permission to access the data and no way of monitoring who had seen it, Wong said.

Another doctor at a public hospital said: “I’ve worked in A&E for eight years, I don’t even know the password [to AEIS].”
He agreed extra security measures should be added and that having to enter a password would not hinder his work.
Click to expand...

ronjor · Jun 24, 2019

Trump issues executive order increasing transparency in hospital prices, doctor fees

Published Mon, Jun 24 2019
President Donald Trump on Monday issued an executive order designed to pressure insurers, doctors and other health-care providers to disclose more information about their prices.
Click to expand...

guest · Jun 24, 2019

Dominion National Identifies and Addresses Data Security Incident
June 21, 2019
https://www.prnewswire.com/news-rel...dresses-data-security-incident-300872972.html

Today, Dominion National, an insurer and administrator of dental and vision benefits, announced that it is addressing a data security incident involving some personal information that Dominion National maintains in connection with the services it provides.

[...] Dominion National determined that an unauthorized party may have accessed some of its computer servers. The unauthorized access may have occurred as early as August 25, 2010. Dominion National moved quickly to clean the affected servers.

The servers may have also contained personal information pertaining to plan producers and participating healthcare providers. The information varied by individual, but may include names in combination with addresses, email addresses, dates of birth, Social Security numbers, taxpayer identification numbers, bank account and routing numbers, member ID numbers, group numbers, and subscriber numbers.
Click to expand...

guest · Jun 24, 2019

Medical Device Cybersecurity: The Top Challenges
June 24, 2019
https://www.inforisktoday.com/interviews/medical-device-cybersecurity-top-challenges-i-4359

Access and identity management continues to be a top medical device cybersecurity challenge, says security expert Mark Sexton of the consultancy Clearwater, formerly known as Clearwater Compliance.
"A number of these devices cannot be integrated into normal technical controls, like Active Directory, that you use on your network to manage user access and monitor that activity," he notes in an interview with Information Security Media Group.

Plus, many medical devices are still running legacy operating systems, he notes. In fact, some experts estimate that by the end of this year, as many as 70 percent of medical devices will be running on operating systems that will no longer be supported, Sexton says.

"That makes any network administrator security person's hair stand up on their neck because those are all vulnerable, low-hanging fruit from a security perspective," the consultant adds.
Click to expand...

ronjor · Jun 25, 2019

Patients’ social media use can threaten the reliability of clinical trials

by The Conversation 25 June 2019
Testing new pharmaceutical treatments is a complicated process. Very often, participants have preferences or hopes, either about what the test should measure or about what the outcome should be. Patients often enrol in the trial seeking access to experimental drugs while physicians usually have guesses about which treatment will work better. The sponsor will only recover millions of investment in the drug development if the trial is successful.
Making sure that all these preferences do not shape the outcome of the test is crucial for its credibility. For that reason, treatments are often masked –“blinded” – so that neither physicians nor patients in the trial know who is receiving what treatments. In the age of the internet and social media, however, trial participants can easily find each other – through patient groups for example – to discuss and compare treatments and outcomes, potentially unblinding the trial. But how common is that and what impact could it have on medical research?
Click to expand...

guest · Jun 25, 2019

Marin Community Clinics hit with ransomware attack
June 24, 2019
https://www.marinij.com/2019/06/24/marin-community-clinics-hit-with-ransomware-attack/

Marin Community Clinics was able to resume use of its computer system Friday night after being hit by a ransomware attack between 9 a.m. and 10 p.m. Wednesday.
“We’re not totally out of the woods, but we’re feeling good because we’ve had the system up three days now.” said Mitesh Popat, the clinics’ CEO. “There is always reinfection risk hanging over your head. We’re trying to play it super safe and super cautious.”

Popat, however, said the ransomware used in the attack, known as Sodinokibi, gained access through a computer server.
Popat said Marin Community Clinics was able to resume use of its system fairly quickly because it backs up its data on a regular basis.
“We are able to restore from those backups,” Popat said.
Click to expand...

ronjor · Jun 25, 2019

Carrier services help expand healthcare, with 5G in the offing

By Jon Gold Senior Writer, Network World
Many telehealth initiatives tap into wireless networking supplied by service providers that may start offering services such as Citizen's Band and 5G to support remote medical care.
Click to expand...

guest · Jun 26, 2019

2,200 Franciscan Health Patients Notified of Unauthorized PHI Access by Employee
June 26, 2019
https://www.hipaajournal.com/2200-f...ified-of-unauthorized-phi-access-by-employee/

Mishawaka, IN-based Franciscan Health has discovered the protected health information of approximately 2,200 patients has been accessed by a former employee without authorization.

The privacy violation was discovered during a routine privacy audit. Franciscan Health announced that it was confirmed on May 24, 2019 that an employee in the quality research department had accessed the electronic medical records of patients without authorization and with no legitimate work reason for doing so.
While unauthorized PHI access was confirmed, Franciscan Health found no evidence to suggest that the employee copied, transmitted, or disclosed any patient information.

Through that system, the former employee accessed patient records containing information such as names, addresses, email addresses, dates of birth, phone numbers, gender information, race/ethnicity, last four digits of social security numbers, and medical record numbers.
Click to expand...

guest · Jun 26, 2019

Healthcare industry falls far behind in SecOps resources
Less than a quarter of medical organizations have a robust in-house security team available
June 26, 2019
https://www.zdnet.com/article/healthcare-industry-falls-far-behind-in-secops-resources/

Only 14 percent of healthcare organizations say they have a strong in-house SecOps team in place to deal with cybersecurity issues and attacks, new research claims.
The healthcare industry is critical to us and as the guardians of valuable data including Personally Identifiable Information (PII) usable for fraud and identity theft, is also now a key target for threat actors.

It is not only our PII which is at risk. According to Carbon Black, medical data can sell for as much as six times as PII and can be used not only for insurance fraud but also the creation of fake medical documents such as licenses to practice.
Click to expand...

guest · Jun 26, 2019

Queensland Health launches investigation after medical files found on busy Brisbane road
June 26, 2019
https://www.abc.net.au/news/2019-06-26/medical-files-dropped-on-busy-brisbane-road/11249460

A staff member came across the files last Thursday on Abbotsford Road in Bowen Hills, kilometres away from their home at the Royal Brisbane and Women's Hospital (RBWH).
They had been picked up at the hospital in Herston by a contractor and were to be taken to a destruction facility.

The files were from a variety of outpatient clinics and included patients' names.
"We are examining the documents to ascertain the level of confidential information they contain.
LNP leader Deb Frecklington said it was a major breach of trust.
Click to expand...

guest · Jun 26, 2019

Patient Care Coordinator Gets 1 Year Jail Term for HIPAA Violation
June 26, 2019
https://www.hipaajournal.com/patient-care-coordinator-gets-1-year-jail-term-for-hipaa-violation/

A former patient care coordinator at University of Pittsburgh Medical Center (UPMC) has received a 1-year jail term for accessing the medical records of patients and using that information to cause malicious harm.

Sue Kalina, 62, of Butler, PA, had previously worked at UPMC Tri Rivers Musculoskeletal and Allegheny Health Network as a patient care coordinator. On March 30, 2016, while employed by UPMC, Kalina first started accessing patients’ medical records without authorization. She continued to do so until June 15, 2017.
Kalina accessed the records of friends, old classmates, and individuals that she had an aggrievance with.

Kalina was sentenced to 12 months in jail followed by 3 years of probation. During that time frame Kalina is not permitted to have any contact with any of the 111 victims.
Click to expand...

guest · Jun 26, 2019

Google and University of Chicago sued over patient records
June 26, 2019
https://www.cnet.com/news/google-and-university-of-chicago-sued-over-patient-records/

A partnership between Google and the University of Chicago Medical Center aimed to improve predictive analysis in medicine. But a lawsuit filed by a patient says the alliance shared too much personal information.

The lawsuit, filed Wednesday in US District Court for Northern Illinois, accuses the hospital of sharing hundreds of thousands of patient records with the tech giant without removing date stamps and doctor's notes. The complaint goes on to say that Google is uniquely capable of determining the identity of every medical record shared with it.

But the lawsuit alleges that inclusion of dates violates HIPAA, which requires hospitals to hide personally identifiable information such as names and Social Security numbers.
The University of Chicago said the lawsuit lacked merit.

"The University of Chicago Medical Center has complied with the laws and regulations applicable to patient privacy," a University of Chicago spokesman said.
Click to expand...

guest · Jun 27, 2019

5 million personal records belonging to MedicareSupplement.com exposed to public
June 27, 2019
https://www.comparitech.com/blog/information-security/medicare-supplement-data-breach/

MedicareSupplement.com is a US-based insurance marketing website that lets users find supplemental medical insurance available in their area. Users are required to enter personal information in order to get a quote. It is not an insurance company.

Some records—about 239,000—also indicated insurance interest area, for example, cancer insurance. Data was spread around several categories, including life, auto, medical, and supplemental insurance.
The IP address of the publicly available database was first indexed on May 10, 2019 by public search engine BinaryEdge. We do not yet know whether anyone gained unauthorized access to the database.
About MedicareSupplement.com
MedicareSupplement is a direct-to-consumer insurance marketing site that lets Medicare users get quotes on and compare various supplemental insurance plans.
Click to expand...

guest · Jun 28, 2019

Certain Insulin Pumps Recalled Due to Cybersecurity Issues
June 27, 2019
https://www.inforisktoday.com/certain-insulin-pumps-recalled-due-to-cybersecurity-issues-a-12701

In a rare move, the Food and Drug Administration on Thursday warned patients and healthcare providers that medical device manufacturer Medtronic has issued a voluntary recall of certain wireless insulin pumps due to cybersecurity vulnerabilities that cannot be adequately patched and therefore pose safety concerns.

"While we are not aware of patients who may have been harmed by this particular cybersecurity vulnerability, the risk of patient harm if such a vulnerability were left unaddressed is significant," says Suzanne Schwartz, M.D., deputy director of the FDA's office of strategic partnerships and technology innovation.

The FDA has issued warnings about voluntary medical device recalls due to cybersecurity issues in only a handful of instances.
Medtronic is providing alternative insulin pumps to patients with enhanced built-in cybersecurity capabilities, the FDA reports.
Click to expand...

ronjor · Jun 30, 2019

Telemedicine apps are thriving because working moms love the convenience of their smartphones

Christina Farr@chrissyfarr 30 June 2019
Mothers are power users of virtual medical consultation apps.
Executives from American Well, MDLIVE, Teladoc and Doctor on Demand all told CNBC that they target women and count on them to spread the word.
Click to expand...

ronjor · Jun 30, 2019

University of Chicago Implicated in Lawsuit Over Data Breach

June 28, 2019
The University of Chicago Medical Center in 2017 announced that it was creating a partnership with Google to use data from patients’ electronic medical records to try to make better predictions and advance artificial intelligence in medicine.
Now, two years later, the University of Chicago and its Medical Health Center and Google are facing a potential lawsuit over a data breach. The lawsuit says:
Click to expand...

ronjor · Jul 1, 2019

July 1, 2019
Consumers Still Paying for Sham Insurance Products Sold by Simple Health to be Notified About the Fraud and Provided an Opportunity to Enroll in Comprehensive Health Insurance Plans During a Special Enrollment Period

Agency alleges the company sold consumers worthless plans that left people uninsured
Click to expand...

Minimalist · Jul 2, 2019

Popular genetic-mapping software potentially exposed patients' data

Security researchers have helped fix a flaw in genetic-mapping software that could have allowed a hacker to manipulate the results of a person’s DNA analysis, showing the challenges of securing code in an industry that is crunching ever-larger sets of data.
Click to expand...

https://www.cyberscoop.com/burrows-wheeler-aligner-genetic-mapping-sandia-patch/

ronjor · Jul 2, 2019

Facebook News Feed changes downrank misleading health info and dangerous ‘cures’

Sarah Perez@sarahintampa 02 July 2019
No, drinking bleach is not a miracle cure for diseases and other conditions — but that’s the sort of bogus health claim that’s floating around the web these days, getting blocked by sites like Amazon and YouTube. Now you can add Facebook to that list of sites taking action — well, kind of! The social network today announced it will minimize the spread of health content that’s sensational or misleading.
Click to expand...

guest · Jul 2, 2019

Health Data Breach Tally: A Mid-Year Update
July 2, 2019
https://www.inforisktoday.com/health-data-breach-tally-mid-year-update-a-12713

With half of 2019 in the rear-view mirror, what are the emerging healthcare data breach trends so far this year? Hacker/IT incidents continue to be the dominant cause of breaches, while another formerly common cause - lost or stolen devices - has become relatively rare, according to the federal tally.
Click to expand...

hawki · Jul 2, 2019

"Hackers could invade NHS systems to 'fake' or hide cancer on scans...

Hackers could invade NHS systems and maliciously edit medical scans to “fake” or hide cancer, a new report warns.

...[A] technological revolution taking part in the NHS, which plans wider use of artificial intelligence (AI) and robotics – could also expose it to new threats...

The study by Imperial College London's Institute of Global Health Innovation highlights international research which found that hackers could use AI to attack medical scans, and add or remove evidence of lung cancer from scans..."

https://www.telegraph.co.uk/news/2019/07/02/hackers-could-invade-nhs-systems-fake-hide-cancer-scans/

guest · Jul 2, 2019

‘Chronic underinvestment’ in NHS IT systems is putting patient data at risk report finds
July 2, 2019
https://eandt.theiet.org/content/ar...is-putting-patient-data-at-risk-report-finds/

It found that NHS organisations spend only 1-2 per cent of running costs on IT services compared with 4-10 per cent elsewhere which is putting patient data at risk.
The NHS was found to be “vulnerable and not adequately prepared to respond” the report found, “with limited capability and uncertain accountability for cyber security”.

“We are in the midst of a technological revolution that is transforming the way we deliver and receive care,” said Lord Darzi, co-director of the Institute of Global Health Innovation, who will present the White Paper on NHS Cyber Security to the House of Lords today.
“This report highlights weaknesses that compromise patient safety and the integrity of health systems, so we are calling for greater investment in research to learn how we can better mitigate against the looming threats of cyberattacks.”
Click to expand...

guest · Jul 3, 2019

Pardee UNC Health Care notifies community of possible data breach
July 2, 2019
https://mountainx.com/blogwire/pardee-unc-health-care-notifies-community-of-possible-data-breach/

Pardee UNC Health Care has begun the process of notifying the community of a possible data breach that occurred as a result of a break-in in the basement of their building located at 2029 Asheville Hwy, Hendersonville. The break-in was discovered, and a police report filed, on May 9, 2019.

However, during the onsite investigation immediately following the discovery of the break-in, Pardee Security found a stack of 590 Federal Drug Testing Custody and Control forms dating from October 2003 to December 2004. These forms, which contained information related to routine drug screenings performed at Pardee Urgent Care, were in plain view and likely accessible to the person(s) who participated in the break-in.

Melia also notes that Pardee consolidated paper records previously stored at multiple off-site records storage facilities into one secure storage facility, and is reinforcing existing employee training on the importance of maintaining the privacy and security of health and other personal information . “We are reviewing existing employee training and record retention protocols and policies and will reinforce and revise as needed,” said Melia.
Click to expand...

guest · Jul 4, 2019

mood said: ↑

Dominion National Identifies and Addresses Data Security Incident
June 21, 2019
https://www.prnewswire.com/news-rel...dresses-data-security-incident-300872972.html
Click to expand...

2.9 Million Members Affected by Dominion National 9-Year PHI Breach
July 3, 2019
https://www.hipaajournal.com/dominion-national-discovers-9-year-phi-breach/

A leading cybersecurity company performed a comprehensive forensic analysis and review of affected data and confirmed the sensitive information of current and former members of Dominion National and Avalon Vision plans may have been compromised along with the PHI of individuals who are members of health plans for which the company provides administration services for.

A long-term breach such as this has potential to affect a great many plan members. According to the summary published on the HHS’ Office for Civil Rights Breach Portal, 2,964,778 plan members have had their PHI exposed.
While system access was confirmed, Dominion National uncovered no evidence to suggest any patient data was accessed, acquired or misused by the individual responsible for the attack. Breach notification letters were mailed on June 21, 2019. The substitute breach notice on the Dominion National website makes no mention of credit monitoring or identity theft protection services.
Click to expand...

Log in or Sign up

Why Healthcare Security Matters

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

guest Guest

hawki Registered Member

guest Guest

guest Guest

guest Guest

Log in or Sign up

Why Healthcare Security Matters

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

ronjor Global Moderator

guest Guest

ronjor Global Moderator

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

guest Guest

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

Minimalist Registered Member

ronjor Global Moderator

guest Guest

hawki Registered Member

guest Guest

guest Guest

guest Guest

Useful Searches