Blog Feed Post

OnPage’s Guide: Cyberattacks and HIPAA-Compliant Messaging

cyberattacks and HIPAA-compliant messaging

Mobile devices offer clinicians the opportunity to easily engage with patients, coordinate care and ultimately save money, time and improve the quality of healthcare services. At the same time, as mobile devices are increasingly used by healthcare workers (80% use by doctors and 70% use by nurses), they are also becoming an increasing vector for cybersecurity attacks.

The mandates of HIPAA-compliance, if followed, would significantly improve the security of hospitals and clinics. Specifically, HIPAA-compliance requires a high level of security to ensure the safety of patient information. If applied to smartphone communications, cyberintrusions would be mitigated. Increasingly, hospitals need to think of cyberattacks and HIPAA-compliant messaging in the same vein.

The goal of this blog is to investigate how you can improve your institution’s resilience against cyberattacks. To this end, we will delve into the following points:

  • Why we cannot ignore mobile cybersecurity
  • The importance of human factors in maintaining security
  • 3 ways to improve your security footprint

Why we cannot ignore mobile cybersecurity

Clearly, doctors and nurses are pushing more and more information through their mobile devices. At the same time, ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020. Combine this fact with the knowledge that Gartner has reported that the focus of endpoint breeches will shift to tablets and smartphones by 2017 and one can begin to see the birth of a new cybersecurity storm.

Additionally, when information has been breached, patients stand to have their personal information compromised. According to information from the Deep Dot Web website, patient records are being sold by a hacker operating in TheRealDeal, a deep web marketplace known for peddling stolen data, codes and zero-day software exploits US$96,000 to $411,000.

In turn, criminals use these records to pretend to be someone else (living or dead) by falsely assuming and using that person’s identity to gain access to resources or services, apply for credit cards or loans, register fake accounts, file fraudulent tax returns to collect rebates, and other activities without the victim’s knowledge or consent. For healthcare organizations, these sorts of data breaches that result in leaked PHI can be incredibly costly, averaging $363 per lost record according to Ponemon.

Impact of human factors on cybersecurity

Human factors – meaning simple human errors such as sending messages to the wrong recipient, loss of the device or logging onto an insecure network – impact the overall security of smartphone device. In fact, 68 percent of healthcare security breaches were due to the loss or theft of mobile devices or files. Further, 48 percent of data lost was on a laptop, desktop computer or mobile device.

Cyberattacks and HIPAA-compliant messaging

The following tips highlight ways that healthcare providers and the institutions they work for can decrease the risk and impact of mobile cyberattacks. Realizing that human factors are the biggest factor in causing attacks, human factors needs to be our first point.

  1. Human factors education. If human factors are the biggest culprit in advancing cyberattacks then they must be first on the agenda when it comes to determining a solution. This means that employees are trained and retrained frequently so they remember security protocols and best practices.
  2. Culture of communication. Educate staff on the virtues of having a culture of communication where it is easy to contact IT support when an issue arises such as a potential malware download. There should be a guilt-free culture around this since if employees are worried they’ll be ridiculed or penalized, they will likely not self-report
  3. Make sure smartphone applications are HIPAA compliant. Lots of patient PHI is passed over communications devices. HIPAA requires that messages containing patient information are also encrypted. If you are using a secure HIPAA-compliant messaging platform then patient information is safe. This means that all messages are encrypted and secure in transit and at rest

Want to learn more about how you can mitigate the impact of cyberattacks and HIPAA compliant messaging? Download our whitepaper, Mitigate Cyberattacks With HIPAA Compliant Communications.

The post OnPage’s Guide: Cyberattacks and HIPAA-Compliant Messaging appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
"ZeroStack is a startup in Silicon Valley. We're solving a very interesting problem around bringing public cloud convenience with private cloud control for enterprises and mid-size companies," explained Kamesh Pemmaraju, VP of Product Management at ZeroStack, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Codigm is based on the cloud and we are here to explore marketing opportunities in America. Our mission is to make an ecosystem of the SW environment that anyone can understand, learn, teach, and develop the SW on the cloud," explained Sung Tae Ryu, CEO of Codigm, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
In his session at 21st Cloud Expo, Carl J. Levine, Senior Technical Evangelist for NS1, will objectively discuss how DNS is used to solve Digital Transformation challenges in large SaaS applications, CDNs, AdTech platforms, and other demanding use cases. Carl J. Levine is the Senior Technical Evangelist for NS1. A veteran of the Internet Infrastructure space, he has over a decade of experience with startups, networking protocols and Internet infrastructure, combined with the unique ability to it...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, discussed how by using ne...
"CA has been doing a lot of things in the area of DevOps. Now we have a complete set of tool sets in order to enable customers to go all the way from planning to development to testing down to release into the operations," explained Aruna Ravichandran, Vice President of Global Marketing and Strategy at CA Technologies, in this SYS-CON.tv interview at DevOps Summit at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"There's plenty of bandwidth out there but it's never in the right place. So what Cedexis does is uses data to work out the best pathways to get data from the origin to the person who wants to get it," explained Simon Jones, Evangelist and Head of Marketing at Cedexis, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"Cloud Academy is an enterprise training platform for the cloud, specifically public clouds. We offer guided learning experiences on AWS, Azure, Google Cloud and all the surrounding methodologies and technologies that you need to know and your teams need to know in order to leverage the full benefits of the cloud," explained Alex Brower, VP of Marketing at Cloud Academy, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clar...
Large industrial manufacturing organizations are adopting the agile principles of cloud software companies. The industrial manufacturing development process has not scaled over time. Now that design CAD teams are geographically distributed, centralizing their work is key. With large multi-gigabyte projects, outdated tools have stifled industrial team agility, time-to-market milestones, and impacted P&L stakeholders.
Gemini is Yahoo’s native and search advertising platform. To ensure the quality of a complex distributed system that spans multiple products and components and across various desktop websites and mobile app and web experiences – both Yahoo owned and operated and third-party syndication (supply), with complex interaction with more than a billion users and numerous advertisers globally (demand) – it becomes imperative to automate a set of end-to-end tests 24x7 to detect bugs and regression. In th...
Enterprises are moving to the cloud faster than most of us in security expected. CIOs are going from 0 to 100 in cloud adoption and leaving security teams in the dust. Once cloud is part of an enterprise stack, it’s unclear who has responsibility for the protection of applications, services, and data. When cloud breaches occur, whether active compromise or a publicly accessible database, the blame must fall on both service providers and users. In his session at 21st Cloud Expo, Ben Johnson, C...
"Infoblox does DNS, DHCP and IP address management for not only enterprise networks but cloud networks as well. Customers are looking for a single platform that can extend not only in their private enterprise environment but private cloud, public cloud, tracking all the IP space and everything that is going on in that environment," explained Steve Salo, Principal Systems Engineer at Infoblox, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Conventio...
Data scientists must access high-performance computing resources across a wide-area network. To achieve cloud-based HPC visualization, researchers must transfer datasets and visualization results efficiently. HPC clusters now compute GPU-accelerated visualization in the cloud cluster. To efficiently display results remotely, a high-performance, low-latency protocol transfers the display from the cluster to a remote desktop. Further, tools to easily mount remote datasets and efficiently transfer...
"Akvelon is a software development company and we also provide consultancy services to folks who are looking to scale or accelerate their engineering roadmaps," explained Jeremiah Mothersell, Marketing Manager at Akvelon, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
"MobiDev is a software development company and we do complex, custom software development for everybody from entrepreneurs to large enterprises," explained Alan Winters, U.S. Head of Business Development at MobiDev, in this SYS-CON.tv interview at 21st Cloud Expo, held Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA.
Agile has finally jumped the technology shark, expanding outside the software world. Enterprises are now increasingly adopting Agile practices across their organizations in order to successfully navigate the disruptive waters that threaten to drown them. In our quest for establishing change as a core competency in our organizations, this business-centric notion of Agile is an essential component of Agile Digital Transformation. In the years since the publication of the Agile Manifesto, the conn...