HealthBlawg

David Harlow's Health Care Law Blog


Keep it Clean: Ransomware and David Harlow in the Press

July 17, 2017

I wrote a piece for HealthTech recently, arguing that healthcare organizations must practice better data hygiene to stay ahead of looming cyberthreats, noting that cybersecurity in healthcare is not just an IT problem, and that we need a cultural shift in emphasis parallel to the paradigm shift we have seen in the way we have collectively dealt with healthcare-associated infections (HAIs).

What Cybersecurity Can Learn from Modern Medicine

Healthcare’s ongoing cybersecurity plague closely resembles another challenge the industry previously perceived as insurmountable: the spread of healthcare-associated infections. Through the past decade, however, organizations stopped accepting HAIs as a certainty.

Three factors drove the change:

  • Unambiguous financial incentives: The federal government changed Medicare rules and no longer reimburses hospitals for the cost of preventable hospitalizations.
  • Building and sharing tools: Development of public and private sector HAI prevention programs, broad dissemination of key learning, guidelines and checklists, and sharing of experiences.
  • Leadership and drawing a line in the sand: When a health system CEO says, “We will eliminate all central line infections in our system within three years,” things happen.

We know what we need to do; we just need to do it.




After the EternalBlue exploits WannaCry and NotPetya hit, I spoke with Part B News for a piece on the new status quo in ransomware and approaches to take in minimizing exposure (behind paywall). These include some real basic stuff — but major multinational corporations, large government agencies and health care organizations failed to take some of these steps and got burned:

  • Patch your OS and software.
  • Limit the ability of end users to install software — either don’t let them do it at all, or limit their choices to whitelisted programs screened by IT security staff.
  • Remember — not all IT professionals are IT security professionals. Bring in the right resources for the job.
  • Not all systems or all staff need access to all data. Minimize the data used in any one system, limit data exposed to view in any way from beyond the internal network, and make sure that backup systems are isolated (air-gapped) so that they don’t get automatically infected if production systems are infected.
  • Limit certain privileges to a per-use basis, not even a per-user basis, and sunset passwords, so that sensitive data is less exposed.
  • Use creative training techniques, including fake phishing emails that lead to training sites if opened and clicked. (Better than using the same online preso and quiz you used last year.)

In the end, the bottom line is, well, the bottom line:

Establishing a culture of compliance is critical to increasing funding for implementation, and that starts at the top. Executives, therefore, must commit publicly to eliminate all preventable data breaches. Committing to do better is the first step to becoming better.

David Harlow
The Harlow Group LLC
Health Care Law and Consulting

Filed Under: Compliance, Health care policy, Health Law, HIPAA, HIT, Privacy, Security

Copyright © 2006–2023
HealthBlawg is a publication of The Harlow Group LLC. See Copyright notice and disclaimer.
Fair use with attribution and a link is encouraged.