Analecta Cyber Company Blog: June 2016


Stakeholder buy-in is key to building Healthcare Cybersecurity Program

Cybercriminals are continuously refining methods and approaches to score a big data heist in healthcare IT infrastructure. Without a doubt, 2015 was a tough year to cybersecurity, and it doesn't look like 2016 will be much better. According to a “Data Breach Report” on December 2015 by the Identity Theft Resource Center (ITRC), over 120 million patient records were compromised.


Cybersecurity awareness training is critical for Healthcare employees

You may have multiple security features in your organization’s network systems but it will not deter an experienced hacker from infiltrating your system and stealing patient data. A single click from an employee and all your defenses can be rendered useless.
A cybersecurity awareness training program is an effective tool designed to educate employees about threats in cybersecurity. They will be taught how to properly handle critical situations and become an integral part of your cyber defense.


2.2 Million patient records breached at Cancer Treatment Center

The 21st Century Oncology Holdings, a cancer treatment center, lost control of healthcare records for more than 2 million patients in a data breach discovered on March 4th this year.  The FBI and a team of forensics investigators are investigating the case. So far they have learned that the hackers were able to steal important patient information including patient names, treatment & insurance details, physician’s names and social security numbers.

The hackers gained access to critical patient record databases in October. Over the next month they were able to identify, collect and extract the PHI data.


W2s stolen from California hospital in phishing scam

An email phishing scam affected more than 2,000 employees at Saint Agnes Medical Center. Kelley Sanchez, the hospital’s spokeswoman, said that the information obtained by the scammers were from the W2s of individual who worked at the hospital in 2015. The W2 form, a Federal tax document, includes the employee's name, social security number, salary details, and home address. The hospital believes that patient data remained secure and that Health IT systems were not compromised.

As part of the incident response the hospital contacted the FBI and has offered the affected employees one-year of identity theft protection and credit monitoring.


Cybersecurity for mobile devices in healthcare management

Healthcare practices continue to deploy mobile devices for healthcare management and mobile treatment. These health information technology advances bring opportunities for significant cost savings and improved patient care; but they also bring new risks for cybersecurity and HIPAA compliance. The first step in ensuring a robust defense from cyber threats is to understand the risks these devices bring.