Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today’s threat landscape is driven by digital transformation and the outsourcing of critical operations to third-party vendors. Cybercriminals’ high demand for sensitive data paired with a historical lack of cybersecurity investment across the industry is cause for concern. Healthcare organizations recognize they have the choice to either increase their cyber spending or inevitably fall victim to a costly data breach. However, investing in cybersecurity solutions alone isn’t enough.

In Q2 2022, Kroll observed a 90% increase in the number of healthcare organizations targeted in comparison with Q1 2022, dropping the final nail in the coffin for the “truce” some criminal groups instituted earlier in the COVID pandemic. Ransomware helped to fuel this uptick against healthcare as attacks increased this quarter to once again become the top threat, followed closely by email compromise.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a United States Federal Law designed to protect sensitive patient information from unauthorized disclosure, either through accidental data leakage or the result of a planned cyberattack.

In Q2 2022, Kroll observed a 90% increase in attacks against the health care sector in comparison with Q1 2022, making it the most affected sector during this period. While this may signal the official end of the pandemic-era “truce” that many cybercriminals promised at the onset of COVID-19, threat actors are continuing to leverage other hallmarks of the pandemic, such as remote work access, to gain a foothold into victim networks.

Building a HIPAA-compliant security program is a very time intensive and demanding undertaking. It can also be confusing, as satisfying requirements like the HIPAA Security Rule require extensive interpretation and documentation on the part of security professionals. However, by arming yourself with knowledge before beginning the process, you can cut down on unnecessary difficulties.

Within the HIPAA Security Rule are Administrative, Physical, and Technical Safeguards. These safeguards are as important to understand as they are to implement, so let’s get some clarifications for the non-initiated.

Cyberattacks targeting university and government healthcare facilities are on the rise. In the first four months of 2021, the U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center tracked a total of 82 ransomware incidents targeting the healthcare sector, with nearly 60% of them affecting the U.S. market. The impact has been devastating.

The world of healthcare has gone digital. Records can now be transferred anywhere they are needed, from hospital to hospital, or even directly to the patient’s email inbox. While the digitalization of healthcare records is extremely convenient but it is now equally dangerous. These sensitive PHI data are exposed to various forms of cyber threats and vulnerabilities.

If you’re looking for a reason to make protecting legacy systems a priority for your healthcare organization, we’ve got 9.23 million for you. That’s the total number of US dollars lost by the healthcare sector to data breaches alone in 2021– and that number is increasing year on year. In fact, the healthcare sector has been the target of the costliest data breaches of all sectors – including financial, technology, and services – for 11 years.