At the beginning of 2016, we did some speculation about what the year would be like in the cybersecurity and HIPAA worlds. Today our plan is to review how we did for 2016 and explain why we expect healthcare breaches continue in 2017.
Lots of things happened over the last year. Many we expected and others we didn’t see coming. Obviously the huge breaches of 2015 made us expect that healthcare breaches continue into 2016. We had no idea just what that meant was coming though!
- Enforcement is 4 times what it has been in the past.
- Almost $24M in settlements,
- Audit program
- Guidance on ransomware, patient access rights, and more
- Over 300 breaches on wall of shame
Cybersecurity necessary for all
- Phishing over 90% malware
- Ransomware explodes
- Hollywood Presbyterian
- NM group that still doesn’t have access to data 3 months later
- The saga continues
- IoT Mirai shuts down the internet successfully
2017 Healthcare Breaches Continue
Where are we going in 2017?
Malware gets more tricky
- Backdoors and infiltration
- Malware left over (in addition to the ransomware) – hey look over here while I plant a bomb
- Malware embedded in images and advertising
- Merge of TDO blackmail with ransomware – steal your data until you pay
- delete files each hour
- TDO hitting MSPs
- discussed yesterday in member session
- MongoDB alerts for weeks
- Emory Healthcare Brain Center lost their Mongodb this week
- Password managers being used but not correctly makes them vulnerable to attack
- IoT botnets used for more by more
- Medical Device security now part of FDA guidance but is it soon enough
Will anything “go away”
- Some changes possible but not too much with HIPAA
Resolutions or Intentions for 2017
- Our compliance officer plans for 2017
- Take cyber seriously – everyone. Focused on cyber vs no focused.
- Respond timely to texts and emails
- Be more present IRL
- Millennials especially need to learn what that means
- Update EVERYTHING
- Digital de-cluttering