Doctors News Hubb
Advertisement Banner
  • Home
  • News
  • Healthcare
  • Public Health
  • Paramedic
  • Nursing
  • Contact Us
No Result
View All Result
  • Home
  • News
  • Healthcare
  • Public Health
  • Paramedic
  • Nursing
  • Contact Us
No Result
View All Result
Doctors News Hubb
No Result
View All Result
Home Healthcare

Healthcare vendor cyberattacks put patient data at risk

admin by admin
January 3, 2023
in Healthcare


Cybercriminals seeking to seize sensitive health information are increasingly targeting vulnerable vendors to get around the safeguards healthcare providers, insurers and other entities have erected to protect patient data.

As healthcare organizations more commonly tap third-party vendors to handle business functions, cybersecurity experts warn they’re creating opportunities for hackers. Data breaches of vendors, which fall under the business associate category on the Health and Human Services Department’s Office for Civil Rights breach portal, have grown in number and scale over the past five years.

Through November, there have been 116 reported breaches on business associates that affected 17.7 million patients. These accounted for 17.5% of healthcare breaches but 36.1% of patients whose data were exposed so far this year. Only 40 breaches hit business associates, involving 5.9 million patient’s data, during the same period in 2018.

Hackers view the data vendors possess as a “treasure trove,” said Jeff Krull, a partner who leads the cybersecurity practice at the consulting firm Baker Tilly.

Instead of breaching one organization’s data, criminals can obtain data from multiple providers and health plans that includes patient names, addresses, Social Security numbers, and treatment and prescription information. The cyberattack on printing and mailing service OneTouchPoint, detected in April, involved more than three dozen providers and insurers, including Humana, Kaiser Permanente and several Blue Cross and Blue Shield companies, and affected more than 4 million patients—making it the biggest healthcare attack reported this year.

“If a threat actor can identify that a vendor’s working with 10 or 12 hospital systems and healthcare plans, that’s going to make them a very high-value target,” said Alexander Urbelis, a senior counsel at the law firm Crowell & Moring who specializes in identifying cybersecurity threats.

Why now?

Health systems are increasingly using vendors to achieve financial, operational and clinical efficiencies, especially amid the workforce shortage, said John Riggi, the national advisor for cybersecurity and risk at the American Hospital Association.

“They just may not have the human resources or the human capital internally to affect certain business processes,” Riggi said. Large health systems may rely on thousands of vendors for administrative services, including payroll and electronic health records, and for software that runs medical devices such as X-ray machines and radiology equipment.

Stressed supply chains and financial issues at hospitals, exacerbated by the COVID-19 pandemic, are driving them to sign contracts with vendors. “You might be looking to outsource something you did in-house before to save some money,” Krull said.

These broader circumstances make it more difficult for healthcare organizations to invest in stronger security measures, Krull added. “It really creates this perfect storm,” he said.

While healthcare companies are strategically looking to contractors to improve business operations and clinical services, other vendor relationships are falling into their laps as health systems expand. “If there is a merger or acquisition, you’re taking on not only that entity, but also all their relationships,” Riggi said.

Yet health systems may opt to hire vendors to carry out tasks such as patient testing even when they are aware the contractor lacks strong cybersecurity measures if they conclude patient outcomes outweigh the risks, Krull said.

Attacks involving insurers happen less frequently than those on providers. Because they don’t have patients walking in and out doors, insurers can operate more as self-contained businesses and tightly control who has access to information, Krull said.



Source link

Advertisement Banner
Previous Post

Lower Academic Achievement at Age 12 is Associated with Preterm Birth

Next Post

Intervention Based on Behaviorally-informed EHRs to Reduce Blood Pressure

Related Posts

Healthcare

ARCH, General Catalyst launch clinical trial tech company Paradigm

January 29, 2023
Healthcare

HCA to push ahead on capital projects, M&A in 2023

January 28, 2023
Healthcare

THCB Gang Episode 113, Thursday January 26 1pm PT 4pm ET – The Health Care Blog

January 28, 2023
Healthcare

Hive hackers gang that targeted hospitals infiltrated by FBI

January 27, 2023
Healthcare

A Father-Son Interview – The Health Care Blog

January 27, 2023
Healthcare

PacificSource Health Plans taps Dr. John Espinola as CEO

January 26, 2023
Next Post

Intervention Based on Behaviorally-informed EHRs to Reduce Blood Pressure

Recommended

Physicians Say Faulty Oxygen Devices Put Lives in Peril

3 months ago

THCB Gang Episode 108, Thursday December 1, 1pm PT – 4p – The Health Care Blog

2 months ago

CMS increases ESRD facilities 2023 payment

3 months ago

New VC Fund Angelini Ventures Launches to Find Next Big Digital Health & Biotech Disruptors – The Health Care Blog

2 months ago

Centene to sell Magellan Specialty Health to Evolent Health

2 months ago

© 2022 Doctors News Hubb All rights reserved.

Use of these names, logos, and brands does not imply endorsement unless specified. By using this site, you agree to the Privacy Policy and Terms & Conditions.

Navigate Site

  • Home
  • News
  • Healthcare
  • Public Health
  • Paramedic
  • Nursing
  • Contact Us

Newsletter Sign Up.

No Result
View All Result
  • Home
  • News
  • Healthcare
  • Public Health
  • Paramedic
  • Nursing
  • Contact Us

© 2022 Doctors News Hubb All rights reserved.