Hello world,
Today’s Paubox Weekly is 481 words - a 2-minute read.
Following increasing cyberattacks and evolving tactics, the Biden administration released a concept paper focusing on cybersecurity in healthcare and what steps should be taken to address challenges.
Why it matters: According to the HHS, a 93% increase in large breaches was reported between 2018 and 2022. Even more alarming is the 278% increase in large breaches involving ransomware.
The healthcare sector is "particularly vulnerable"
On December 7, the Office for Civil Rights settled a phishing case affecting approximately 35,000 patients. Lafourche Medical Group has agreed to pay $480,000 to the OCR and will follow a corrective action plan.
What happened: The OCR investigated the incident and found that before the breach, Lafourche had failed to conduct a risk analysis to identify threats and vulnerabilities, a requirement for HIPAA-covered entities.
"Phishing is the most common way that hackers gain access to health care systems"
SEO poisoning attacks against healthcare organizations are on the rise, according to a recent HHS HC3 report.
The big picture: SEO poisoning is the intentional manipulation of search results. The first or second click may lead users to attacker-controlled, malicious websites. It can even be targeted at specific users.
How to defend against SEO poisoning
The Illinois Supreme Court recently ruled that the state's biometric information privacy law, BIPA, would not apply to healthcare workers. This allows hospitals to collect employee biometric data without notifying those employees.
What was said: Attorney Jim Zouras stated, "The General Assembly decided that as much as 10 percent of the Illinois workforce should have no biometric privacy protection whatsoever simply by virtue of working in the healthcare field."
HIPAA took precedence over state laws