
2022 Recap and 2023 Predictions – Ep 387 

 December 30, 2022

By  Donna Grindle

This is one of our favorite episodes of the year. We will recap our 2022 privacy and security predictions and then make new predictions for 2023. Aside from the obvious predictions like “ransomware will increase”, our predictions will give you what we think you are going to be hearing about that you should worry about in 2023.


In this episode:

2022 Recap and 2023 Predictions – 387

Today’s Episode is brought to you by:

Kardon

and

HIPAA for MSPs with Security First IT



HIPAA Say What!?!

[08:05]

1 – Alexa doesn’t do 3rd party HIPAA skills anymore. They can still do healthcare, just not HIPAA-covered healthcare. We talked about this when it first came out and said that it would be very tricky. Looks like they didn’t have a lot of takers, or the tricky part was too much for them to keep up and running.

2 – HPH warnings continue from HC3 about ransomware attacks. We have heard from them about all of these ransomware gangs: Royal, Cuba, Venus, Lorenz and Hive.

CommonSpirit Health, which has 142 hospitals and over 2,200 other sites across 21 states, has been battling an attack since Oct. It is most likely that one or several of these gangs have hit them.

3 – Stay off TikTok. It has lots of security issues, which make it a bad idea, period. Plus, people do stupid stuff on it. Case in point, a group of labor and delivery nurses from Emory University Hospital were fired recently over their “icks” TikTok video.

2022 Recap and 2023 Predictions

[18:29] Our 2022 Predictions episode shows that we played it pretty safe for the most part. However, we were pretty spot on for a lot of them.

  1. Supply Chain will continue to be a big story for two reasons.
    1. Cyberattacks in the supply chain.
    2. The inability to get equipment will start to impact our ability to replace hardware elements needed. That means operating with out of date or unstable equipment.
  2. Ransomware will continue to evolve.
  3. More pressure on businesses to do better
    1. Cyber coverage rates skyrocketing will force many companies to rethink the “I have insurance” approach to cybersecurity.
    2. Cyber insurance coverage will increasingly depend on the existing level of cybersecurity posture, and organizations will have cybersecurity standards they’re expected to meet.
    3. SEC penalties for lack of transparency will extend to vulnerabilities and not just incident disclosure.
    4. New cryptocurrency regulation in several countries will change the nature of ransomware, discouraging any but the bigger gangs who typically target larger organizations.
    5. Ransomware disclosure laws (proposed by Senator Warren) will get push back for private companies. Still, the list of “terrorist organizations” that can’t be paid ransom will increase greatly to make up for it.
    6. State privacy and fraud regulations that can be used as they were in recent NJ cases.
    7. How will regulations affect businesses? (carrot or stick)
  4. HIPAA Specific – Recognized Security Practices Adoption and Privacy Rule NPRM
    1. Changes are past due for Privacy. The NPRM for the Privacy Rule changes has been sitting out there for over a year. There are a lot of good things in it, so hopefully there will be headway made on it.
    2. RecSec can be done now, but needs specific implementation guidelines from OCR.
  5. Vulnerable software will continue to be discovered regularly including the zero days.
    1. VPN, RDP, IoT, IoMT, OT along with servers – The Internet is Held Together With Spit & Baling Wire
    2. Log4j patch – Extremely Critical Log4J Vulnerability Leaves Much of the Internet at Risk
    3. Home network routers
  6. (Honorable Mention) Deep Fakes

2023: What Do We Think

[32:34]
  1. Cyber Coverage costs will be driving adoption of formal cyber security programs, more than regulations.
    1. Regulators can’t easily do what your insurance company can do.
  2. Tight budgets will continue to squeeze out as much as possible from IT and cybersecurity, but there isn’t much more that can be squeezed.
    1. These budgets were already short and it showed.
    2. Those who cut more will be most likely to worry about the impacts from item 1.
  3. Recognized Security Practices education will begin to create discussions with leadership concerning implementation.
  4. Healthcare cybersecurity will get attention in Congress since it is one of the very rare things that both sides can work together to accomplish something.
  5. Cybersecurity will change at an even faster pace on both sides. Threats will increase and evolve at a faster rate. Cybersecurity defenders (tools, info, etc.) will also see a more rapid change. Hang on for the ride.
  6. Web 3.0 and AI will be the buzzwords of the year, working in tandem.
  7. [44:08] Human-operated ransomware will become a bigger threat. As advanced attacks continue to emerge, human-operated ransomware is becoming an inevitable threat. As these ransomware gangs use increasingly sophisticated techniques, security teams must adapt their protection strategies accordingly.
  8. As much as I don’t want to put this on the list again… Supply Chain will still be big news. Watch out MSPs.
  9. Attacks against critical infrastructure will be a problem (not just cyber).
  10. Donna and David will refresh and relaunch HIPAA For MSPs and Kardon Club. It will be the premier and exclusive resource for PriSec, both within healthcare entities and Managed Service Providers. CHMSP will be the only certification for MSPs accredited by a healthcare accreditation association.
  11. User authentication methods will change (and hopefully improve). Google has just released a new authenticated token system that, once more widely adopted, will be a move in the right direction. We already did an episode on new options earlier this year when we covered FIDO.
  12. Cyber Risk Management will proliferate 🙂.

2022 hasn’t been that bad. It hasn’t been that good, but it hasn’t been that bad, either. Especially when you consider how crazy 2020 and 2021 were. So, here’s to hoping that 2023 is an improvement over 2022. Happy New Year, everyone!

Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps; we need your help to keep spreading the word. As always, send in your questions and ideas!

HIPAA is not about compliance,

it’s about patient care.™

Special thanks to our sponsors Security First IT and Kardon.
