Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label US Healthcare. Show all posts
US Healthcare
Cybersecurity Digital Communication Direct Secure Messaging Technology US Healthcare

Changing How Healthcare Works: Big News in Communication

 



In a pivotal transformation within the healthcare industry, a prominent shift is currently unfolding. Direct Secure Messaging (DSM) has emerged as a game-changer, modernising the way vital information is shared among healthcare providers, pharmacies, and laboratories. Traditionally, healthcare communication has relied heavily on outdated methods like faxing, costing the US healthcare system billions annually and compromising patient safety. DSM, however, introduces a secure and efficient alternative, addressing concerns about privacy and security.

DSM operates on a secure protocol, similar to email but comes with enhanced security measures. Healthcare providers receive unique digital certificates that act as a digital signature, ensuring authenticated identity and encrypting messages for authorised recipients only. This means medical records, lab results, and other sensitive information can be sent directly through electronic health record (EHR) systems or DSM-enabled platforms, eliminating the need for cumbersome and insecure methods like faxing.


Key Benefits of Direct Secure Messaging

1. Security: DSM employs advanced encryption techniques, minimising the risk of unauthorised access during transmission.

2. Efficiency: By eliminating manual processes like printing and faxing, DSM streamlines communication workflows, saving time and resources for healthcare providers.

3. Accuracy: Unlike faxing, DSM ensures the accurate and reliable transmission of information in its original format.

4. Interoperability: Built on standardised protocols, DSM facilitates seamless communication between different healthcare systems, promoting interoperability.

5. Compliance: With increasing regulatory requirements, DSM aids healthcare organisations in complying with data privacy regulations such as HIPAA.

Direct Secure Messaging represents a significant leap forward in healthcare communication, aligning with the digital age's demands for secure, efficient, and interoperable solutions. As healthcare continues to evolve, DSM is poised to play a crucial role in shaping the future of healthcare delivery.


Advantages of Direct Secure Messaging in Healthcare Referrals

DSM has become a trusted method for secure and interoperable communication of health information, particularly in healthcare referrals. Offering a secure alternative to fax, DSM transforms healthcare referrals, care coordination, and clinical communication.

1. Secure and Interoperable Communication: DSM provides a trusted mechanism for exchanging health information, ensuring seamless communication between healthcare providers.

2. Improved Patient Care Coordination: By expediting information exchange, DSM positively impacts patient care coordination, providing timely and comprehensive data for informed decision-making.

3. Efficiency and Reliability: DSM is highly efficient and reliable, reducing the time for referrals and facilitating prompt patient appointments.

4. Data Mapping and Integration: DSM enables seamless data mapping and integration between different healthcare systems, minimising the effort required for data transfer and enhancing patient care.

In a broader spectrum, Direct Secure Messaging emerges as a transformative tool for healthcare referrals, simplifying communication, reducing burdens on providers, and benefiting both patients and care teams. With its reliability, ease of use, and ability to streamline data integration, DSM represents a significant step towards enhancing the overall efficiency and effectiveness of healthcare communication.

As healthcare embraces the digital revolution, Direct Secure Messaging stands at the forefront, ushering in an era where communication is not only instant and seamless but also prioritises the utmost security and efficiency in patient care.


Read more »
Vulnerabilities and Exploits
HSS Ransomware Groups US Department of Health and Human Services US Healthcare Vulnerabilities and Exploits

US Health Dept Urges Hospitals to Patch Critical ‘Citrix Bleed’ Vulnerability


This week, the US Department of Health and Human Services (HSS) has warned hospitals of the critical ‘Citrix Bleed’ Netscaler vulnerability that has been exploited by threat actors in cyberattacks.

On Thursday, the department’s security team, Health Sector Cybersecurity Coordination Center (HC3), issued an alert where it urged all U.S. healthcare businesses to protect their NetScaler ADC and NetScaler Gateway equipment from ransomware gang invasions.

"The Citrix Bleed vulnerability is being actively exploited, and HC3 strongly urges organizations to upgrade to prevent further damage against the Healthcare and Public Health (HPH) sector. This alert contains information on attack detection and mitigation of the vulnerability,” the alert read.

"HC3 strongly encourages users and administrators to review these recommended actions and upgrade their devices to prevent serious damage to the HPH sector."

Prior to the aforementioned warning, Citrix had already issued two warnings urging admins to patch their appliances in priority. It also urged administrators to terminate all open and persistent sessions. Moreover, in order to stop hackers from obtaining authentication tokens even after the security upgrades have as well been installed.

Thousands of Servers Exposed, Many Already Breached

Cybersecurity professional Kevin Beaumont has been monitoring and analyzing cyberattacks against a variety of targets throughout the globe, such as Boeing, DP World, Allen & Overy, and the Industrial and Commercial Bank of China (ICBC), and he discovered that these targets were probably all compromised through the use of Citrix Bleed exploits. 

On Friday, Beaumont revealed that the U.S.-based managed service provider (MSP) experienced a ransomware attack by a threat group, that has exploited a Citrix Bleed vulnerability a week earlier. 

The MSP continues to work on securing its susceptible Netscaler appliances, which may leave its clients' networks and data open to additional intrusions.

The vulnerability was fixed by Citrix in early October, but Mandiant subsequently discovered that it has been actively exploited as a zero-day since at least late August of 2023. 

AssetNote, an external attack surface management company, on October 25, released a CVE-2023-4966 proof-of-concept exploit explaining how session tokens can be accessed by cybercriminals from Citrix appliances that has not been patched. 

According to Japan-based threat researcher Yukata Sejiyama, over 10,000 Citrix servers – many of which belonged to some important organizations globally – were still susceptible to Citrix Bleed attacks more than a month after the critical flaw was patched.

"This urgent warning by HC3 signifies the seriousness to the Citrix Bleed vulnerability and the urgent need to deploy the existing Citrix patches and upgrades to secure our systems," said John Riggi, a cybersecurity and risk advisor for the American Hospital Association, a healthcare industry trade group that represents 5,000 hospitals and healthcare providers across the U.S.

According to Riggi, this case also highlights the ferocity with which ‘foreign ransomware gangs,’ (majorly the Russian-speaking groups), continue to attack medical facilities and other healthcare institutions. Ransomware attacks interrupt and delay health care delivery, placing patient lives in danger.  

Read more »
US Healthcare
Cyber Attacks cybersecurity research Healthcare Data Healthcare organizations Proofpoint US Healthcare

88% of Healthcare Organizations Have Suffered a Cybersecurity Incident in Past Year


Organizations included in the healthcare sector, like hospitals and clinics, have struggled with a series of cyberattacks in recent years, resulting in their inability to provide even the minimum services because of computer outages and loss of important files in the data breaches.

In a recent report published on Wednesday by research conducted by Proofpoint, an email security company, around 90% of healthcare organizations have experienced at least one cybersecurity incident in the past year. 

In the past two years, more than half of the healthcare organizations have reported to have experienced an average of four ransomware attacks. 68% of the organizations surveyed noted that the attacks “negatively impacted patient safety and care.”

The aforementioned report conducted by Proofpoint includes a survey of more than 650 IT and cybersecurity professionals in the US healthcare sector, highlighting the healthcare sector's ongoing susceptibility to common attack methods. It occurs as the Cybersecurity and Infrastructure Security Agency works to provide greater assistance to small, rural hospitals that are underfunded and wilting under constant cyberattacks.

As healthcare organizations struggle to find alternatives to their outdated technology so they can keep providing services, these efforts are using up more and more of their resources. Between 2022 and 2023, the cost of the time spent minimizing the attacks' consequences on patient care rose by 50%, from around $660,000 to $1 million.

In the case of ransomware assault in hospital systems, where computer networks shut down, the impact is rapid and extensive. 

Stephen Leffler, president and chief operating officer of the University of Vermont Medical Center, spoke about how a ransomware assault in October 2020 brought about a catastrophe at his facility during a congressional hearing in September. For 28 days, senior physicians had to train junior physicians on how to use paper records as the National Guard assisted the IT department in a round-the-clock operation to wipe and reconfigure every computer in the network.

Leffler remarked, "We literally went to Best Buy and bought every walkie-talkie they had." This was due to their internet-based phone system being offline. Between 2022 and 2023, the cost of patient care grew by 50%, from about $660,000 to $1 million.

Leffler, who has been an emergency medicine doctor for 30 years, further commented “I've been a hospital president for four years. The cyberattack was much harder than the pandemic by far.” 

Read more »
US Healthcare
Data Breach Data Leak Exposed Patient Records Ransomware attack US Healthcare

US Healthcare Startup Brightline Impacted by Fortra GoAnywhere Assaults

 

A firm providing virtual mental health services for children is the latest victim of Fortra's widespread ransomware onslaught, which has spread its effects even further. 

The American healthcare behemoth Blue Shield of California confirmed that data from one of its providers, Brightline, that was housed in its GoAnywhere file transfer platform had been taken in a data breach notice filed with the Maine attorney general's office. Threat analysts identified Brightline as a potential victim of the mass breach last week. It offers online coaching and therapy for kids. 

The breach notification verified that hackers—perhaps members of the Russia-linked Clop ransomware gang who claimed to have infiltrated over a hundred businesses via an unreported security flaw—accessed and possibly exfiltrated the personal information of over 63,000 patients. 

The group has announced that they will release the data taken from Brightline "soon" on Clop's dark web leak site, which they use to expose the stolen material absent payment of a ransom.

On its website or on social media, Brightline has not yet made the breach publicly acknowledged. John O'Connor, a representative for Brightline, declined to comment on TechCrunch's inquiries, although he did not deny that the hack has a 63,000 person impact. The number of young Brightline customers who are impacted is unknown. 

According to Blue Shield's breach report, the patient names, addresses, dates of birth, gender, Blue Shield subscriber ID numbers, phone numbers, e-mail addresses, plan names, and plan group numbers were all compromised. 

Nevertheless, Brightline is not the only healthcare provider among the 130 firms being affected by the Clop group. US Wellness, a provider of corporate health and wellness initiatives, also acknowledged that hackers had gained access to user personal information including names, addresses, dates of birth, and member ID numbers. 

Because of the severity of the Fortra vulnerability's effects on healthcare institutions, the U.S. government's health sector cybersecurity coordination centre, or HC3, issued a warning in February to help companies prepare for Clop's attacks. 

The City of Toronto, Investissement Québec, and Virgin Red are among the ever-expanding list of victims the group is known to have targeted outside of healthcare institutions. 

Virgin Red was contacted by Clop and, according to Jodie Burton, learnt that hackers had "illegally gotten some Virgin Red files via a cyber-attack on our provider, GoAnywhere." Although Fortra had promised them that their data was secure, TechCrunch has heard from other victims who, like them, only discovered that data had been taken after receiving a ransom demand.
Read more »
Subscribe to: Posts (Atom)