18
Sep
2019

A Widening Scope
On May 21, the aforementioned Puerto Rico hospitals discovered that patient information was involved in a “blocking incident” that affected nearly 522,500 individuals total. Although they did not indicate whether they paid the hackers or remedied the situation themselves, the range of the attack makes it the largest ransomware-related breach on the tally this year. Just two days earlier, Imperial Health made a similar discovery—they determined that an unknown party used a malicious virus to infect their system and encrypt its data. They do not believe that any patient information was stolen, but according to their report, the encrypted data included name, date of birth, Social Security number, address, phone number, medical record number, and other clinical information. Meanwhile, the website tally is currently awaiting the addition of 2019’s largest cyber attack so far: a hacking incident that included at least 16 clients of the American Medical Collection Agency, including Quest Diagnostics and LabCorp, and affected over 23 million people. Also pending: New Mexico provider Presbyterian Healthcare Services recently reported a phishing incident involving employee emails that reached more than 180,000 people. According to Presbyterian’s official statement, upon discovering the breach in June, they secured the affected email accounts, began to review the impacted emails, and alerted federal law enforcement.Compliance is Key
HIPAA compliance can make a major difference when it comes to recognizing and reporting attacks on your organization. But ideally, you’ll be able to stop those attacks in their tracks, and that’s where our HIPAA Risk Assessment comes in. With this comprehensive risk assessment, you can evaluate all levels of your organization, including:- Risk Management — Evaluate information and resources to ensure the capability to make risk management decisions
- Policy and Procedures — Ensure policies and procedures follow best practices and are properly implemented
- Infrastructure Security — Workstations, services, and server meet best practices security standards
- Network security — Ensure network is secure and properly monitored
- Data security — All PHI and data is secure and protected