As 2018 comes to a close, we have a lot to be excited about here at HMT. We’re pleased to announce that Healthcare Informatics has joined us under the Endeavor Healthcare Media umbrella. I’m not just speaking for myself—but the whole HMT team—when I say that we’re looking forward to 2019. We are anticipating the upcoming year to be filled with thought-provoking editorial and are thrilled to be included in the well-recognized Health IT Summits. What a great way to say goodbye to 2018! I could write an entire editorial about what we’ve got planned for next year, but we should wrap this one up first.
Sadly, this was not a good year for cybersecurity—especially in healthcare. I’m sure most of you are privy to the recent news about SamSam still causing problems. On Oct. 30, Symantec published the blog SamSam: Targeted Ransomware Attacks Continue, which stated: “During 2018, Symantec has to date found evidence of attacks against 67 different organizations. SamSam targeted organizations in a wide range of sectors, but healthcare was by far the most affected sector, accounting for 24 percent of attacks in 2018.
Why healthcare was a particular focus remains unknown. The attackers may believe that healthcare organizations are easier to infect. Or they may believe that these organizations are more likely to pay the ransom.”1
Fortunately, in this edition, we featured articles on privacy/security, and received some very insightful tips and commentary that you can use in your organization.
David Holtzman, JD, CIPP, VP Compliance Strategies at CynergisTek wrote, “In the modern healthcare ecosystem, it’s all about the data and what can be done with it, which is why Data Loss Prevention (DLP) tools can be a priority to implement. DLP has the capability to control exfiltration of PHI and therefore reduce the risk of breaches. DLP allows IT administrators to identify where sensitive information is within the information enterprise through discovery, where it’s going and how it is being used and who is using it through network management and manage access and storage of data on endpoints, including external destinations like the Cloud.”
Holtzman makes a great point here—it’s important that IT administrators use DLP tools so they are in the loop on where all the sensitive information is, where it’s going, and who has access to it. I think all healthcare organizations can benefit from a staff that really has an eye on their PHI.
Matt Ferrari, Chief Technology Officer at ClearDATA, wrote a great point about staff, too: “Not all events or incidents result in a breach; however, all events do need to be managed. In many organizations, privacy and security have been considered separate functions, with the IT group responsible for information security and the compliance or legal counsel responsible for privacy. In reality, both are needed to fully investigate incidents, determine their causes, and safeguard against future events. When teams who are identifying and analyzing incidents operate in silos, important information can be overlooked or fail to be shared with the right people.”
I’m just going to come out and say it—Ferrari is right. Those tasked with privacy and security need to investigate incidents together, so they can learn together to protect against future events. As we all know, when everyone is on the same page … things are a lot easier!
Hopefully, the last editorial of 2018 in HMT wasn’t too depressing. And hopefully, there will be less cybersecurity incidents in 2019, if health IT professionals heed the advice of those featured this month.
Reference
1. Symantec, SamSam: Targeted Ransomware Attacks Continue, available at https://www.healthmgttech.com/coding-quality-assurance-is-universal (Accessed Nov. 2, 2018).