Security threats have increased despite healthcare organizations' expanded efforts to educate workers on the risks; security is a process that's never finished, Boston-based Beth Israel Deaconess Medical Center CIO John Halamka writes at his blog.
He cites attacks that have taken place this year, including:
- A clinician downloaded an infected copy of Angry Birds to an Android phone and then logged into his/her email. After a barrage of spam, the Internet service provider blocked the email domain.
- A phishing email mimicked a hospital's Oracle Financials site to steal usernames and passwords that were used to misdirect direct deposits at the real site.
In addition to ramping up education and adding security staff, Halamka says his organization uses filters to scan every embedded URL and attachment on both incoming and outgoing email. It requires every device to be encrypted and physically secured. Beth Israel also uses tools and a dashboard to spot anomalies with device, software and even human behavior.
While work on ICD-10 and Meaningful Use is expected to decrease this year, security work will only increase, he says. However, that could change if the myriad industry voices calling for delay of Meaningful Use Stage 3 bring about changes in the government program.
Yet nearly 100 million healthcare records were compromised in five major healthcare attacks this year, according to an article at Security Intelligence, which calls 2015 the year of the breach.
Experts say we can expect more HIPAA enforcement actions from the Health and Human Services Department's Office of Civil Rights and more warnings from the Food and Drug Administration about vulnerabilities in medical devices.