A biweekly collection of cyber-related articles affecting the healthcare industry, curated with the goal of helping NIHCC members improve their cybersecurity posture.

February 6, 2024

HHS Issues Cybersecurity Performance Goals Specific to the Health Care and Public Health Sector


On January 24, 2024, HHS published voluntary Cybersecurity Performance Goals (CPGs) for the health care and public health (HPH) sector to “help healthcare organizations prioritize implementation of high-impact cybersecurity practices.”


https://www.alston.com/en/insights/publications/2024/02/hhs-issues-cybersecurity-performance-goals



Ignore Uncle Sam's 'voluntary' cybersecurity goals for hospitals at your peril


If you are responsible for infosec at a US hospital or other healthcare organization, and you treat the government's new "voluntary" cybersecurity performance goals (CPGs) as, well, voluntary, you're ignoring the writing on the wall.


https://www.theregister.com/2024/02/05/us_voluntary_cybersecurity_goals_hospitals/



HHS proffers cyber performance goals to health systems


Voluntary cybersecurity performance goals can help healthcare organizations establish layered protection and are adaptable, according to U.S. Health and Human Services. The agency's next steps include architecting investments and incentives for healthcare organizations to implement the goals and enforcement standards.


https://www.healthcareitnews.com/news/hhs-proffers-cyber-performance-goals-health-systems



Link to the U.S. Department of Health and Human Services' newly released Cybersecurity Performance Goals website


https://hphcyber.hhs.gov/performance-goals.html


_____________________________________________


Critical Insight, a cybersecurity firm based in Bremerton, WA, is sponsoring a free webinar about the new goals titled "Implications of the HHS Cybersecurity Performance Goals - Did the Government Go Too Far or Not Far Enough?"




Patients Extorted Over Photos Sue Doctors for Security Failures


Hackers are directly targeting patients in ransomware attacks against healthcare providers, seeking payments to prevent publicizing personal medical information. Post-cyberattack lawsuits show a shift from targeting hospitals to targeting patients, for payments of up to $50.


https://thisweekhealth.com/news_story/patients-extorted-over-photos-sue-doctors-for-security-failures/


December cyberattack on Chicago community hospital claimed by LockBit gang


The LockBit ransomware gang posted the hospital to its leak site, giving it two days to pay a nearly $900,000 ransom. This is the second attack on a hospital that the ransomware group has claimed in January, taking credit for an incident in November where multiple facilities in New Jersey and Pennsylvania had to cancel appointments and operate without patient files.


https://therecord.media/ransomware-saint-anthony-hospital-chicago


How 2023 Broke Long-Running Records for Health Data Breaches


Last year, a record number of major health data breaches - 734 breaches - affecting a record number of individuals - nearly 135.3 million - were reported to U.S. federal regulators. That's equal to more than 40% of the U.S. population having their protected health information compromised in a single year.


https://www.bankinfosecurity.com/how-2023-broke-long-running-records-for-health-data-breaches-a-24246?&web_view=true


Therapy Provider Notifying 4 Million Patients of PJ&A Hack


A Texas-based physical and occupational therapy provider is notifying nearly 4 million patients that they have joined the soaring tally of victims of a data theft incident at a Nevada medical transcription vendor last year.


https://www.bankinfosecurity.com/therapy-provider-notifying-4-million-patients-pja-hack-a-24200


Major Chicago children's hospital hit by cyberattack, forcing it to disconnect entire network


For the second time this week, a Chicago hospital announced a cyberattack, with officials saying it forced them to take the facility’s entire network offline. Lurie Children's Hospital is one of the biggest children’s healthcare organizations in the Midwest, serving 239,000 children each year.


https://therecord.media/lurie-childrens-hospital-chicago-cyberattack



CISOs Struggle for C-Suite Status Even as Expectations Skyrocket


CISOs (Chief Information Security Officers) are increasingly being asked to assume the responsibilities of what would normally be considered a C-suite role, but without being regarded or treated as such at many organizations, a new survey of 663 security executives has shown.


https://www.darkreading.com/cybersecurity-operations/cisos-struggle-csuite-status-expectations-skyrocket




This newsletter was made possible by Grant U2REP190572 from the Administration for Strategic Preparedness and Response (ASPR). Its contents are solely the responsibility of the authors and do not necessarily represent the official view of the Department or ASPR. Kootenai Health, 2024.