March 14, 2024

BREAKING NEWS! Your friends at Abyde are right back at you with an update on the Change Healthcare breach. Check out our first blog post on the breach here!

To quickly bring you up to speed: Change Healthcare, a division of United Healthcare, was impacted by a ransomware attack. This ransomware attack is like nothing we’ve ever seen, and it is being called the most significant attack on our healthcare system of all time. The attack was disastrous, taking Change Healthcare systems offline and making it impossible for healthcare providers to check for insurance eligibility, see new patients, properly process prescriptions, and much more. It’s been several weeks since the initial attack, and we have the latest scoop for you.

What’s going on now?

Well, now here comes the fallout. While some of the systems, like pharmacy functions, have been able to get back online, Change Healthcare is still not at 100%. This has been detrimental to healthcare providers, and is costing them $100 million a day! Now, I know that’s gotta hurt.

The lawsuits are starting to roll in, too. Multiple class action lawsuits have been filed against Change Healthcare/United Healthcare due to its inadequate security systems and how the attack has been handled. Unfortunately, in this attack, it’s highly likely that Protected Health Information (PHI) is in the hands of criminals. In this ransomware attack, over six TB of stolen data was encrypted by the deceptive hackers. So, these lawsuits are just getting started.

The government is also involved in this breach, investigating the causes and effects of the ransomware attack. The FBI has run into this group of hackers before and has taken some of their servers offline, causing many to think this attack was an act of vengeance. The Department of Health and Human Services also came together to discuss and address the impact of the cyber attack, with more to come.
As of yesterday, March 13, the Office of Civil Rights also released a statement announcing the start of its investigation of the attack. It’s safe to say this is far from over, and it’s been a tough month for United Healthcare.

What should I do?

To keep up with the news, we recommend you follow our news page, where we release the newest updates in compliance news and the best tips for your practice or business. To keep up with the Change Healthcare system updates, you can follow this page here.

To keep your practice or business safe, and avoid the hot water that United Healthcare has found itself in, it is essential to proactively protect your organization. This includes working with an IT company, employing firewalls and encryption, and, of course, having compliance software like Abyde.

Abyde is your one-stop shop when it comes to compliance management, allowing you to evaluate your risks and address them before it’s too late. Need documentation in order? Yeah, it’s all in the software. Oh and – let me stop you right there, yes, we also dynamically generate our personalized policies and procedures, so don’t worry about writing them. And if you experience a breach? We’re here for you. We have an awesome team of compliance experts here to help you navigate any situation, so you’re not alone.

Want to learn more about compliance? Reach out to us at info@abyde.com and schedule a compliance consultation here for Covered Entities, and here for Business Associates!
Yikes! My Files Are Kidnapped!: What is Ransomware?
March 7, 2024

Ransomware. Even the name sounds ominous! With the Change Healthcare ransomware attack, you might have heard a lot about ransomware in the news lately. While the effects of the attack are wreaking havoc on the healthcare system, you might be wondering what this notorious ransomware is all about. Well, you’ve come to the right place! We’re here to educate you on ransomware and how your practice or organization can be prepared for this cybercrime.

What is it, exactly?

Ransomware is a form of malware, or malicious software, that encrypts a victim’s files and demands a ransom before the victim can access them again. This is a very common way hackers infiltrate healthcare systems, and over 4,000 ransomware attacks occur a day!

If you’re confused about how ransomware works, here’s a simple example:

Dan the Doctor was having an alright day, and then his practice got an email that he thought would turn it into the best day of his life! The email said he had won 20 million dollars! All he had to do was click the link in the email to receive it. He clicked it as soon as possible, already dreaming of spending the rest of his life on the beaches of Hawaii.

Spoiler alert: his day was going to get a lot worse.

As he clicked the link, ransomware began its sinister magic: encrypting patients’ protected health information (PHI). He couldn’t believe what he had done, putting his patients and his practice in jeopardy. Then, to get access to these files again, he had to pay thousands of dollars, or the files would be put online, putting his innocent patients even more at risk. His dreams of Hawaii turned into a very hurt wallet and patients at risk.

While you might think that could never happen to you, email scams, or phishing, are the most common way ransomware attacks are delivered. Our simple example is just a story, but it happens often in the healthcare field.
For example, the most recent major cybercrime is the ongoing Change Healthcare ransomware attack, in which they paid 22 million dollars in ransom! The OCR is also beginning to fine practices and organizations that do not take the proper precautions against ransomware attacks. The first ransomware attack fine was announced in October, costing the Business Associate (BA) $100,000 in HIPAA fines.

What do I do?

While ransomware attacks have become extremely prevalent, with a 278% increase in ransomware breaches reported to the OCR, there are precautions you can take.

Working with an IT company is key for your practice or business, with prevention being the first line of defense. This includes things like encrypting your files, keeping all software up-to-date, and having firewalls, antivirus and more.

Additionally, working with a compliance program like Abyde also lowers your risk. When you identify your vulnerabilities and enact the right protocols, ransomware is no match! For instance, password updating, proper data handling, access controls, and training are all different barriers that help protect your practice or business.

Also, if your practice is infected by ransomware: do not pay the ransom, get the infected device offline and off the network, report the breach to the OCR, and get IT experts to investigate the attack.

To learn more about how your practice can stay compliant and secure against ransomware attacks, email us at info@abyde.com and schedule consultations for Covered Entities here, and Business Associates here.
The OCR Cracks Down on Cyber Attack Breaches: Second Ransomware Attack Settled in Four Months
February 22, 2024

Well, the Office of Civil Rights (OCR) did it again. In the past four months, two ransomware cyber attack cases have been settled, resulting in hefty fines. Yikes! While the first ruling hit a Business Associate with a major fine, this breach impacted a Covered Entity.

In February 2019, Green Ridge Behavioral Health in Maryland filed a breach report stating that all of its patient files had been encrypted with ransomware, resulting in over 14,000 patients’ data being compromised. That’s a lot of people!

As the name suggests, ransomware is a cybercrime where data is held for ransom. Users are unable to access data/files until the ransom is paid. It is a malicious crime that is extremely prevalent in healthcare, with a 264% increase over the past five years in large breaches reported to the OCR.

In their investigation, the OCR found potential violations of the HIPAA Privacy and Security Rules from before and right up until the breach. In their variety of violations, some other major misses included:

As a result, Green Ridge Behavioral Health was fined $40,000 and will now be monitored by the OCR for the next three years. That’s a long time and a lot of money for a practice that could have avoided this situation with the right compliance solution.

That’s where Abyde steps in. Cyber attacks are unfortunately common in healthcare, accounting for 79% of the large breaches reported to OCR. We’ve now seen a pattern of the OCR ruling on ransomware cases, cracking down on practices and organizations that are not prepared for a cyber attack. The OCR is not messing around, and these fines are a clear example.

Thankfully, with Abyde, we make the journey to compliance simple. The Abyde software resolves many of the reasons why practices and organizations get fined. You can complete our intuitive Security Risk Analysis in minutes and see in a flash what your practice needs to do to be compliant.
Abyde also has engaging training, with interactive activities and videos, all with entertaining themes, to keep the user interested (yes, you read that right). We also have a portal that allows you to easily manage all of your agreements with Business Associates, digitally signing and storing them in the software. What’s the cherry on top? We will remind you when these agreements are close to expiring, acting as your compliance crew so you can focus on running your practice.

We have a variety of resources for practices of any size to use, like dynamically generated policies and procedures (allowing you to finally ditch the dusty HIPAA binder), HIPAA logs, a team of friendly compliance experts who are always a call (or message!) away, and much more.

Why wait for a compliance disaster? Email us at info@abyde.com and schedule a demo of our revolutionary software here.


