As it continues to investigate a cyber attack and provide initial public notification through the media, MaineGeneral is experiencing a now-common phenomenon of such attacks: dealing with fraudsters after the attack has become known.
The delivery system is warning patients, employees and donors who may be affected about organizations offering identity protection services for a fee. Like many providers that have been breached, MaineGeneral will provide free credit monitoring services when it is ready to formally send breach notifications to those thought to be affected. “Be conscious of paid facilities and never provide your personal data to persons you do not know,” MaineGeneral recommends.
For now, MaineGeneral continues to work with the FBI and breach remediation firm AllClearID to better understand the extent of the threat, and likely also has been in contact with the HHS Office for Civil Rights, which enforces the HIPAA privacy, security and breach notification rules but also provides guidance on recovering from a breach.
Gerry Hinkley, a HIPAA attorney at the Pillsbury Winthrop Shaw Pittman law firm, points out that if an organization does not know how large the breach is, OCR recommends it offer an initial estimate that can always be updated later.
“This seems likely to have been the outcome of a worker victimized by a phishing email,” Hinkley states. “Occurrence of this kind of threat is on the dramatic increase and we have recommended that companies undertake particular training relating to phishing and test their workers’ gullibility by staging artificial phishing exercises to analyze how many workers are likely to fall prey, then better aim training.”
In a phishing scheme, a worker is fooled by someone believed to be trustworthy into disclosing credentials, such as a username and password, used to access a data system.
HIPAA attorney Daniel Gottlieb at McDermott Will & Emery points out that the HHS Office of Inspector General is alerting healthcare stakeholders that cyber criminals can attack just about any connected data system or medical device to get inside a network. This can involve not merely an EHR system but also radiology systems, dialysis machines, medication dispensing systems, laptops and smartphones, among other technologies.
But the HHS OIG itself may be behind the times and trying to catch up to the cyber threat. In its 2016 work plan, the agency indicates it will examine whether the Food and Drug Administration’s oversight of hospitals’ networked devices is sufficient to secure electronic protected health information.
“Government regulation of this place has been very slow,” points out Veleka Peeples-Dyer of McDermott Will & Emery. “The FDA instructions finalized last October only suggested that medical device manufacturers believe cybersecurity threats in their framework and development phases—they were not needed to do anything. Furthermore, as advancements evolve and the types of threat proliferate, it is generally not possible for the FDA to expect where the law will need to go in the future.”
Natalie Lehr, co-founder and director of analytics at cybersecurity firm TSC Advantage, says that just because a breach may not expose much protected health data does not mean there is little threat. “While the attack itself does not boost a host of credit abuses, it generates an opening if a sufferer or prospective donor is not educated on how to secure themselves. Experience indicates to us that these violations lead to sophisticated follow-on attacks. Data from the violation might be utilized for targeted phishing with the intent to accumulate more sensitive user data.”
Copyright © 2015 Healthcare insurance News. All Rights Reserved.