The Latest News on Security, Privacy & Compliance
There are a lot of privacy, security and compliance topics making headlines across the industry. For example, malware plagues the industry after a hospital paid hackers for a recent security incident, OCR released new guidance and issued another penalty for non-compliance of HIPAA, the medical device security threat continues to loom, and HIMSS 2016 kicks off in a few days. Read this month's newsletter to catch up on some of the biggest headlines around the industry and at CynergisTek.
dNew Ransomware "Locky" Threatens Security After Hospital Pays Hackers for Recent Incident

Recently, Mac McMillan, CEO of CynergisTek, wrote a guest blog post for  HealthcareITNews , "Ransomware: What will it take to be prepared?" which  discusses current malware attacks targeting healthcare after the recent Hollywood Presbyterian Medical Center (HPMC) incident resulted in the hospital paying $17,000 to the hackers. In this post, he explains that malware is not a new threat, but there is a new ransomware called Locky that has surfaced recently. It was first reported in mid-February and researchers saw upwards of 4,000 new infections per hour, or approximately 100,000 per day, shortly after being identified.

bTrio of New Guidance From HHS Shows New Attention to HIPAA & e-PHI

HHS released new regulatory guidance in the form of factsheets designed to demonstrate how the HIPAA Privacy Rule permits the sharing of Protected Health Information (PHI) in Health Information Exchange (HIE). OCR opened a new front on its efforts to promote health information privacy and security through helping healthcare industry stakeholders with advisory materials to educate developers of software applications that handle sensitive consumer information and how the HIPAA Rules might apply to scenarios in which they are used. Also, CMS once again extended the deadline for hospitals and eligible providers filing the attestation for the 2015 Meaningful Use program year. Read more for CynergisTek's summary of the new guidance. 

eNew Infographic: 2016 Privacy & Security Outlook

The healthcare industry experienced  many different privacy and security trends and challenges in 2015, such as mega breaches, increasing enforcement of health information privacy and security regulations by federal and state governments, and the continued emergence of healthcare as a target for cybercriminals. View our latest infographic that highlights what we think will trend in 2016 for healthcare IT. 
View the infographic>>

Attending HIMSS16 next week?

CynergisTek will be very active during HIMSS in Las Vegas February 29 - March 4, 2016. Our CEO Mac McMillan will present on two cybersecurity topics. The first session  is with Jay Adams, Director of Information Security at Tallahassee Memorial Healthcare, "Compliance Does Not Equal Security", and the second presentation is with Chuck Kesler, CISO of Duke Medicine, "Best Practices for Protecting Against Cyber Attacks".

Stop by booth 131 to test your ability to identify a phishing email with our educational game "Squish a Phish" and enter for a chance to win an Apple Watch Sport.*

If you would like to meet with CynergisTek while at HIMSS please fill out our meeting request form.

cOCR Issues Civil Monetary Penalty

Earlier this month OCR made it clear that it will issue penalties when healthcare organizations fail to resolve security issues found during an investigation. Lincare Inc. is faced with a $239,800 civil monetary penalty. The investigation started late in 2008 and found that Lincare had inadequate policies and procedures in place to protect PHI. Typically, levying civil money  penalties  is a last resort, as OCR prefers voluntary compliance after an investigation.

fLax Medical Device Security Needs Urgent Action

Recently, Mac McMillan discussed the security risks of medical devices and the lack of governing controls and standards when developing medical devices. He calls the industry to action, saying, "r egulatory pressure to produce improvement in this area (risks associated with medical devices) may be the only thing that will work. We need the government to be the change agent here, and the FTC and FDA should lead within their respective areas of responsibility." 

2016 Outlook on Cybersecurity, OCR Audits & More

Physicians Practice recently published an outlook to industry challenges in 2016. It highlights the failing state of data security in healthcare and trends healthcare providers should be concerned about, such as increasing malware and targeted phishing attacks. It also answers the question of whether the new OCR HIPAA compliance audit program is something worth losing sleep over. 

CynergisTek Featured in Austin Business Journal

CynergisTek is headquartered in Austin, Texas, and  Austin Business Journal recently featured an article on CynergisTek's explosive growth. The article highlights how growth is attributed to cybercriminal attacks increasing 125% since 2010 and being the leading cause of breaches in 2015.  "We have the position we have in the industry because we don't sell fear and doubt. We sell education and awareness," Dr. Michael Mathews, COO, told ABJ. "What we've seen in marketplace is this appetite for having a partner that knows the regulatory space." 

Thank you for reading this month's newsletter. Email us if you would like to see additional topics addressed in the future.
A printable version of this month's newsletter is available.