Paubox Weekly: HHS releases new healthcare cybersecurity strategy
Dean Levitt December 08, 2023
Hello world,
Today’s Paubox Weekly is 481 words - a 2-minute read.
1. HHS releases new healthcare cybersecurity strategy
Following increasing cyberattacks and evolving tactics, the Biden administration released a concept paper focusing on cybersecurity in healthcare and what steps should be taken to address challenges.
Why it matters: According to the HHS, a 93% increase in large breaches was reported between 2018 and 2022. Even more alarming is the 278% increase in large breaches involving ransomware.
The healthcare sector is "particularly vulnerable"
2. OCR settles landmark phishing case that affected 35,000 patients
On December 7, the Office for Civil Rights settled a phishing case affecting approximately 35,000 patients. Lafourche Medical Group has agreed to pay $480,000 to the OCR and will follow a corrective action plan.
What happened: The OCR investigated the incident and found that before the breach, Lafourche had failed to conduct a risk analysis to identify threats and vulnerabilities, a requirement for HIPAA-covered entities.
"Phishing is the most common way that hackers gain access to health care systems"
3. SEO poisoning and the healthcare industry
SEO poisoning attacks against healthcare organizations are on the rise, according to a recent HHS HC3 report.
The big picture: SEO poisoning is the intentional manipulation of search results. The first or second click may lead users to attacker-controlled, malicious websites. It can even be targeted to specific users.
How to defend against SEO poisoning
4. Illinois court rules healthcare workers exempt from biometric privacy law
The Illinois Supreme Court recently ruled that the state's biometric information privacy law, BIPA, would not apply to healthcare workers. This allows hospitals to collect employee biometric data without notifying those employees.
What was said: Attorney Jim Zouras stated, "The General Assembly decided that as much as 10 percent of the Illinois workforce should have no biometric privacy protection whatsoever simply by virtue of working in the healthcare field."
HIPAA took precedence over state laws
Community links
- Attacks that can threaten HIPAA security.
- Patient consent: What you need to know.
- How to develop a HIPAA email retention policy.
- Why do cyberattacks happen?
- What are the most common cyberattacks in healthcare?
- Why email disclaimers are not enough for HIPAA compliance.
- The relationship between the Cures Rule and HIPAA compliance.
- The 6 areas of public health.
Good reads from around the web
- Lessons from the New Jersey and New York healthcare cyber breaches.
- Cisco goes all in on AI to strengthen its cybersecurity strategy.
- Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack.
- Meta defies FBI opposition to encryption, brings E2EE to Facebook, Messenger.
- Are smart medical devices indispensable, or a security risk?