Paubox Weekly: CISA and HHS launch cybersecurity healthcare toolkit

Hello world,

Today’s Paubox Weekly is 544 words - a 2 minute read.

Want to get this type of content delivered to your inbox every Friday? Subscribe to Paubox Weekly. 

1. CISA and HHS launch cybersecurity healthcare toolkit

CISA and the HHS unveiled the Cybersecurity Toolkit for Healthcare and Public Health tailored to meet the specific needs and challenges of healthcare organizations.

What they're saying: "Adversaries see healthcare and public health organizations as high value yet relatively easy targets – or what we call target rich, cyber poor." said CISA Deputy Director Nitin Natarajan.

A significant rise in cyber attacks against hospitals

2. Why HIPAA compliant email is the best communication method for healthcare providers

Healthcare organizations must keep patient data secure, and finding communication methods that offer strong encryption and access controls can be difficult.

The big picture: With billions of email accounts globally, its prevalence makes it accessible to most patients who find it easier than portals.

The best channel for referrals or patient communication

3. HIPAA Breach Report for September 2023

The HIPAA breach report for September 2023 analyzes PHI breaches affecting 500 or more people as reported to the Department of Health and Human Services.

• Network server breaches affected the most people. 14,516,294 individuals had their data breached.
• Email breaches were the second most common breach, with 108,199 people affected.
• Other breaches affected 91,611 people, the third most common breach type.

Four times more people impacted than last year

4. Philadelphia releases notice of data breach

The city of Philadelphia has released a notice of a data breach that occurred in the late spring.

What happened: Affected individuals may have also had protected health information exposed. While the investigation is ongoing, investigators determined that an unauthorized actor may have gained access to Philadelphia city emails and other information.

The total number of affected individuals is unclear

5. New York AG reaches settlement with home healthcare company

Personal Touch Holding Corp has reached a settlement with the New York Attorney General regarding a potential HIPAA violation case.

What happened: The attacker accessed 5 accounts and encrypted 35 servers, resulting in a breach of personal and protected information of 753,107 individuals. The vulnerabilities were known at the time of the attack.

Insufficient access controls cost them $350,000

Community links

• Tim Wilson: Paubox Zoom social mixer (October 2023). Link
  
• CCPA vs. HIPAA. Link
  
• OCR cybersecurity newletter stresses the importance of sanction policies. Link
  
• Does HIPAA apply to professional medical interpreters? Link
  
• Can PHI be used for fundraising? Link
  
• Facility directories and HIPAA. Link
  
• The difference between a subcontractor and a business associate. Link
  
• The importance of audit trails during HIPAA compliance audits. Link
  
• HIPAA compliance in natural disasters. Link
  
• Navigating language barriers in healthcare organizations. Link
  

Good reads from around the web

• Dozens of states sue Meta over youth mental health crisis. Link
• Okta's support system breach exposes customer data to unidentified threat actors. Link
• How long should a password be in 2023? You're asking the wrong question. Link
• Healthcare data at risk due to NextGen Mirth Connect bug. Link
• More than twice as many healthcare workers report harassment in 2022 than in 2018, CDC finds. Link