Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks

Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.

Security ills of health care sector draw senator’s attention

A vocal senator on U.S. cybersecurity matters wrote on Monday to four government agencies, seeking more information about how they are working to mitigate cyber risk in the health care sector. Sen. Mark Warner, D-Va., asked the agencies how they were working to resolve apparent security vulnerabilities and urged them to provide strategic recommendations on how to fend off attacks in the medical sector. Warner’s office wrote to the Food and Drug Administration, the Department of Health and Human Services, the Centers for Medicare and Medicaid Services and National Institute of Standards and Technology. The letter comes amid ongoing scrutiny over an apparent lack of security at many health care organizations. Hackers have haunted the industry for years, leveraging medical devices to steal valuable personal information or launch highly publicized ransomware attacks. The senator last week asked a number of health care organizations how the federal government can more effectively help rectify […]

The post Security ills of health care sector draw senator’s attention appeared first on CyberScoop.


Health agency looks to bolster cybersecurity with new guidelines for industry

2018 was a busy year for cyberthreats to the health care sector, with more than 3 million patient records breached in the second quarter alone, according to one study. In an effort to learn from those incidents – and build on security progress in the sector – the Department of Health and Human Services (HHS) capped the year by releasing voluntary cybersecurity guidelines for health care professionals. The document, published Dec. 28 and developed with industry experts from the Health Sector Coordinating Council, emphasizes the financial and health impacts of cyber incidents and outlines steps practitioners can take to better secure their systems. HHS lent urgency to the guidelines’ release by underscoring that the same technologies that provide critical treatment to patients can be exploited by hackers to steal patient data or disable hospital systems. “We are under constant cyberattack in the health sector, and no organization can escape that reality,” […]

The post Health agency looks to bolster cybersecurity with new guidelines for industry appeared first on CyberScoop.


Former HHS CISO to join voting technology vendor as security lead

The former chief information security officer of the Department of Health and Human Services is taking a role at one of the country’s largest voting machine manufacturers as its head of security. ES&S announced on Wednesday that Christopher Wlaschin will be its new vice president of systems security responsible for the company’s security efforts, including that of its products as well as operational and infrastructure security. He will be involved in ensuring the security of ES&S’s products and engaging in the certification process they undergo in order to be used in elections, the company announced Wednesday. “Our priority at ES&S is developing resilient, auditable and secure voting software and equipment to support our customer’s mission of delivering secure, fair and accurate elections,” said ES&S CEO Tom Burt. Wlaschin departed as CISO of HHS last month, which he has said was due to family medical issues. Surrounding his departure, however, was controversy over an investigation of […]

The post Former HHS CISO to join voting technology vendor as security lead appeared first on Cyberscoop.


Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches

Medical supplies giant Fresenius Medical Care North America (FMCNA) agreed to pay $3.5 million to U.S. federal regulators after five separate data breaches in 2012. The U.S. Department of Health and Human Services Office for Civil Rights levied the fine along with a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. A federal investigation found the company failed to conduct an accurate risk analysis of vulnerabilities to its protected information. FMCNA filed five breach reports in January 2013 covering incidents from February-July 2012 impacting the electronic protected health information for five FMCNA-owned branches across the United States. The list of violations is long. One branch didn’t encrypt sensitive information, another had no policies around removing hardware from facilities, two businesses had no safeguards against unauthorized access or theft while yet another had no procedure to address security incidents, according to the federal investigation. “The number of breaches, involving […]

The post Medical supply giant Fresenius Medical Care fined $3.5 million for five data breaches appeared first on Cyberscoop.


Watchdog group calls on HHS to improve cyber defenses

An internal audit of the Department of Health and Human Services’ cybersecurity posture found that four HHS divisions need to improve their security controls, according to a summary report released Tuesday. The HHS’s Office of Inspector General said that it conducted penetration testing on four of HHS’s 11 operating divisions throughout fiscal year 2016 with the help of contractor Defense Point Security. The summary did not specify which divisions were part of the audit, but said that OIG identified “configuration management and access control vulnerabilities.” The OIG hasn’t released the full report to the public, saying that some of the information is restricted. The OIG says it issued recommendations to HHS to improve security controls, but didn’t specify the recommendations. The summary also said that the HHS operating divisions have corrected or are correcting the vulnerabilities, but that the OIG hasn’t validated those corrections yet. Cybersecurity was identified as a focus area in the OIG’s 2017 report […]

The post Watchdog group calls on HHS to improve cyber defenses appeared first on Cyberscoop.


Lawmaker to HHS: Label software in medical devices

The Trump administration should convene a national effort in partnership with the private sector to ensure that the owners and operators of medical devices, hospital IT networks and electronic health records systems can find out what software and other components are in the products they buy, says the chairman of the powerful House Energy and Commerce Committee. In a letter Thursday to acting Health and Human Services Secretary Eric Hargan, committee Chairman Greg Walden, R-Ore., notes a congressionally chartered task force on health care cybersecurity earlier this year recommended such transparency requirements. The congressional report said there should be a “Bill of Materials” (BOM) for medical products because hospital IT managers and network administrators “must first understand what they have on their systems, before they can determine whether these technologies are impacted by a given threat or vulnerability.” “We write today to request that [HHS] convene a sector-wide effort to develop a plan of action for creating, deploying and leveraging BOMs […]

The post Lawmaker to HHS: Label software in medical devices appeared first on Cyberscoop.


New bill would transform cybersecurity at Dept. of Health and Human Services

A bill aimed to reorganize and sharply focus cybersecurity at the Department of Health and Human Services (HHS) was reintroduced on Wednesday by Rep. Billy Long, R-Miss., and Rep. Doris Matsui, D-Calif. The HHS Cybersecurity Modernization Act comes in response to congressional hearings on the state of cybersecurity in the health care sector. A recent federal task force report on the state of hospital cybersecurity was starkly negative in its diagnosis. “Many organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty,” the task force reported. “These organizations often lack the infrastructure to identify and track threats, the capacity to analyze and translate the threat data they receive into actionable information, and the capability to act on that information.” Critics say the federal effort toward cybersecurity in the health care sector lacks clear leadership and focus. The new legislation would grant the chief information […]

The post New bill would transform cybersecurity at Dept. of Health and Human Services appeared first on Cyberscoop.


Federal report: Hospital cybersecurity is in ‘critical condition’

Many American hospitals and health care practices are critically vulnerable to cyberattack and lack the resources to protect against rising threats, according to a long-awaited report issued by the U.S. Department of Health and Human Services’ Health Care Industry Cybersecurity Task Force. The starkly negative report points to problems beyond hardware and software. The task force, established a year ago, is made up of 21 security experts, health care professionals and government officials. “Many organizations cannot afford to retain in-house information security personnel, or designate an information technology (IT) staff member with cybersecurity as a collateral duty,” the task force reported. “These organizations often lack the infrastructure to identify and track threats, the capacity to analyze and translate the threat data they receive into actionable information, and the capability to act on that information.” The talent shortage that hampers cybersecurity in all sectors hits health care especially hard so that the industry leans especially hard on part-time positions or […]

The post Federal report: Hospital cybersecurity is in ‘critical condition’ appeared first on Cyberscoop.
