Blog Feed Post

OnPage’s Guide: Cyberattacks and HIPAA-Compliant Messaging

cyberattacks and HIPAA-compliant messaging

Mobile devices offer clinicians the opportunity to easily engage with patients, coordinate care and ultimately save money, time and improve the quality of healthcare services. At the same time, as mobile devices are increasingly used by healthcare workers (80% use by doctors and 70% use by nurses), they are also becoming an increasing vector for cybersecurity attacks.

The mandates of HIPAA-compliance, if followed, would significantly improve the security of hospitals and clinics. Specifically, HIPAA-compliance requires a high level of security to ensure the safety of patient information. If applied to smartphone communications, cyberintrusions would be mitigated. Increasingly, hospitals need to think of cyberattacks and HIPAA-compliant messaging in the same vein.

The goal of this blog is to investigate how you can improve your institution’s resilience against cyberattacks. To this end, we will delve into the following points:

  • Why we cannot ignore mobile cybersecurity
  • The importance of human factors in maintaining security
  • 3 ways to improve your security footprint

Why we cannot ignore mobile cybersecurity

Clearly, doctors and nurses are pushing more and more information through their mobile devices. At the same time, ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020. Combine this fact with the knowledge that Gartner has reported that the focus of endpoint breeches will shift to tablets and smartphones by 2017 and one can begin to see the birth of a new cybersecurity storm.

Additionally, when information has been breached, patients stand to have their personal information compromised. According to information from the Deep Dot Web website, patient records are being sold by a hacker operating in TheRealDeal, a deep web marketplace known for peddling stolen data, codes and zero-day software exploits US$96,000 to $411,000.

In turn, criminals use these records to pretend to be someone else (living or dead) by falsely assuming and using that person’s identity to gain access to resources or services, apply for credit cards or loans, register fake accounts, file fraudulent tax returns to collect rebates, and other activities without the victim’s knowledge or consent. For healthcare organizations, these sorts of data breaches that result in leaked PHI can be incredibly costly, averaging $363 per lost record according to Ponemon.

Impact of human factors on cybersecurity

Human factors – meaning simple human errors such as sending messages to the wrong recipient, loss of the device or logging onto an insecure network – impact the overall security of smartphone device. In fact, 68 percent of healthcare security breaches were due to the loss or theft of mobile devices or files. Further, 48 percent of data lost was on a laptop, desktop computer or mobile device.

Cyberattacks and HIPAA-compliant messaging

The following tips highlight ways that healthcare providers and the institutions they work for can decrease the risk and impact of mobile cyberattacks. Realizing that human factors are the biggest factor in causing attacks, human factors needs to be our first point.

  1. Human factors education. If human factors are the biggest culprit in advancing cyberattacks then they must be first on the agenda when it comes to determining a solution. This means that employees are trained and retrained frequently so they remember security protocols and best practices.
  2. Culture of communication. Educate staff on the virtues of having a culture of communication where it is easy to contact IT support when an issue arises such as a potential malware download. There should be a guilt-free culture around this since if employees are worried they’ll be ridiculed or penalized, they will likely not self-report
  3. Make sure smartphone applications are HIPAA compliant. Lots of patient PHI is passed over communications devices. HIPAA requires that messages containing patient information are also encrypted. If you are using a secure HIPAA-compliant messaging platform then patient information is safe. This means that all messages are encrypted and secure in transit and at rest

Want to learn more about how you can mitigate the impact of cyberattacks and HIPAA compliant messaging? Download our whitepaper, Mitigate Cyberattacks With HIPAA Compliant Communications.

The post OnPage’s Guide: Cyberattacks and HIPAA-Compliant Messaging appeared first on OnPage.

Read the original blog entry...

More Stories By OnPage Blog

OnPage is a disruptive technology and application that leverages today's technology and smartphone capabilities for priority mobile messaging. With a top notch history of ensuring uninterrupted communication for businesses and critical response organizations, OnPage is once again poised to pioneer new mobile communications methodology for business and organizational use.

Latest Stories
"We are focused on SAP running in the clouds, to make this super easy because we believe in the tremendous value of those powerful worlds - SAP and the cloud," explained Frank Stienhans, CTO of Ocean9, Inc., in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"Peak 10 is a hybrid infrastructure provider across the nation. We are in the thick of things when it comes to hybrid IT," explained , Chief Technology Officer at Peak 10, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We are still a relatively small software house and we are focusing on certain industries like FinTech, med tech, energy and utilities. We help our customers with their digital transformation," noted Piotr Stawinski, Founder and CEO of EARP Integration, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I think DevOps is now a rambunctious teenager – it’s starting to get a mind of its own, wanting to get its own things but it still needs some adult supervision," explained Thomas Hooker, VP of marketing at CollabNet, in this SYS-CON.tv interview at DevOps Summit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"We've been engaging with a lot of customers including Panasonic, we've been involved with Cisco and now we're working with the U.S. government - the Department of Homeland Security," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In the enterprise today, connected IoT devices are everywhere – both inside and outside corporate environments. The need to identify, manage, control and secure a quickly growing web of connections and outside devices is making the already challenging task of security even more important, and onerous. In his session at @ThingsExpo, Rich Boyer, CISO and Chief Architect for Security at NTT i3, discussed new ways of thinking and the approaches needed to address the emerging challenges of security i...
"We're here to tell the world about our cloud-scale infrastructure that we have at Juniper combined with the world-class security that we put into the cloud," explained Lisa Guess, VP of Systems Engineering at Juniper Networks, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
"I will be talking about ChatOps and ChatOps as a way to solve some problems in the DevOps space," explained Himanshu Chhetri, CTO of Addteq, in this SYS-CON.tv interview at @DevOpsSummit at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
In his session at 20th Cloud Expo, Mike Johnston, an infrastructure engineer at Supergiant.io, discussed how to use Kubernetes to set up a SaaS infrastructure for your business. Mike Johnston is an infrastructure engineer at Supergiant.io with over 12 years of experience designing, deploying, and maintaining server and workstation infrastructure at all scales. He has experience with brick and mortar data centers as well as cloud providers like Digital Ocean, Amazon Web Services, and Rackspace. H...
"We are an IT services solution provider and we sell software to support those solutions. Our focus and key areas are around security, enterprise monitoring, and continuous delivery optimization," noted John Balsavage, President of A&I Solutions, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
What sort of WebRTC based applications can we expect to see over the next year and beyond? One way to predict development trends is to see what sorts of applications startups are building. In his session at @ThingsExpo, Arin Sime, founder of WebRTC.ventures, discussed the current and likely future trends in WebRTC application development based on real requests for custom applications from real customers, as well as other public sources of information.
Your homes and cars can be automated and self-serviced. Why can't your storage? From simply asking questions to analyze and troubleshoot your infrastructure, to provisioning storage with snapshots, recovery and replication, your wildest sci-fi dream has come true. In his session at @DevOpsSummit at 20th Cloud Expo, Dan Florea, Director of Product Management at Tintri, provided a ChatOps demo where you can talk to your storage and manage it from anywhere, through Slack and similar services with...
The financial services market is one of the most data-driven industries in the world, yet it’s bogged down by legacy CPU technologies that simply can’t keep up with the task of querying and visualizing billions of records. In his session at 20th Cloud Expo, Karthik Lalithraj, a Principal Solutions Architect at Kinetica, discussed how the advent of advanced in-database analytics on the GPU makes it possible to run sophisticated data science workloads on the same database that is housing the rich...
DevOps at Cloud Expo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The widespread success of cloud computing is driving the DevOps revolution in enterprise IT. Now as never before, development teams must communicate and collaborate in a dynamic, 24/7/365 environment. There is no time to w...
SYS-CON Events announced today that Massive Networks will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Massive Networks mission is simple. To help your business operate seamlessly with fast, reliable, and secure internet and network solutions. Improve your customer's experience with outstanding connections to your cloud.