SlideShare a Scribd company logo

2022-02-17-1300-emr-in-healthcare-tlpwhite.pdf

M
MOHAMMED YASER HUSSAIN

This document discusses electronic medical records (EMRs) and electronic health records (EHRs), including how they are used in healthcare, benefits and risks of using them, why they are valuable targets for cyber attackers, how the data is stored, and examples of data breaches and cyber attacks on healthcare organizations. It provides details on the top EMR/EHR software systems, threats like phishing and ransomware, costs of data breaches, and recommendations for protecting EMR and EHR data through strategies like evaluating risks, using VPN with multifactor authentication, endpoint hardening, and engaging cyber threat hunters.

1 of 35
Download to read offline
Electronic Medical Records in Healthcare 02/17/2022 TLP: WHITE, ID# 202202171300
Agenda 2 • What Is an EMR, and How Is It Used in Healthcare? • Top EHR Software Used in Hospitals • Benefits & Risks of Using EMR/HER • Why EMRs/EHRs Are Valuable to Cyber Attackers • How Are EMR/EHRs Stored and Handled? • EMR Compromised, Healthcare & Critical Industries Hacked • Healthcare Industry Under Attack • Healthcare Industry Under Attack, Part II • Top Data Breaches of 2021 • Top Threats Against Electronic Medical & Health Records • Costs of Data Breach • Protecting EMR & EHR Data • References Non-Technical: Managerial, strategic and high- level (general audience) Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT) Slides Key:
3 Electronic medical records (EMRs) and electronic health records (EHRs) are often used interchangeably. An EMR allows the electronic entry, storage, and maintenance of digital medical data. EHR contains the patient's records from doctors and includes demographics, test results, medical history, history of present illness (HPI), and medications. EMRs are part of EHRs and contain the following: • Patient registration, billing, preventive screenings, or checkups • Patient appointment and scheduling • Tracking patient data over time • Monitoring and improving overall quality of care What Is an EMR and How Is It Used in Healthcare? EMR vs EHR Electronic healthcare record process diagram
4 Top EMR/EHR Software Systems Used in Hospitals Top 10 Inpatient EHR Vendors by Market Share Courtesy of Definitive Healthcare's HospitalView. (June 2021)
5 Benefits and Risks of Using EMR/EHR Some risks of using electronic medical records / electronic health records are: The risks to EHRs relate primarily to a range of factors that include user-related issues, financial issues and design flaws that create barriers to using them as an effective tool to deliver healthcare services. EMR is also a top target in healthcare breaches. Additional risks are as follows: • Security or privacy issues • Potentially vulnerable to hacking • Data can be lost or destroyed • Inaccurate paper-to-computer transmission • Cause of treatment error Some benefits of using electronic medical records and electronic health records are: • Comprehensive patient-history records • Makes patient data shareable • Improved quality of care • Convenience and efficiency
6 Why EMRs/EHRs Are Valuable to Cyber Attackers EMR/EHRs are valuable to cyber attackers because of the Protected Health Information (PHI) it contains and the profit they can make on the dark web or black market. These 18 identifiers provide criminals with more information than any other breached record. Extortion, fraud, identity theft, data laundering, Hacktivist / Promoting Political Agenda and Sabotage are some ways cyber attackers use this data for profit. HIPAA Protected Health Identifiers (PHI) Names Dates, except year Telephone numbers Geographic data FAX numbers Social Security numbers Email addresses Medical record numbers Account numbers Health plan beneficiary numbers Certificate/license numbers Vehicle identifiers and serial numbers including license plates Web URLs Device identifiers and serial numbers Internet protocol (IP) addresses Full face photos and comparable images Biometric identifiers (i.e. retinal scan, fingerprints) Any unique identifying number or code
7 Why EMRs/EHRs Are Valuable to Cyber Attackers, Part II According to IBM, stolen healthcare data is the most valuable, as the graph below shows:
8 How EMRs/EHRs Are Stored and Handled EMR / EHR data is stored on dedicated servers in specific, known physical locations.
9 EMR Compromised, Healthcare & Critical Industries Hacked In 2020, at least 2,354 U.S. government, healthcare facilities and schools were impacted by a significant increase in ransomware. The cyber attacks caused significant disruption across the healthcare industry. Organizations impacted by these attacks are as follows: • 113 federal, state and municipal governments and agencies • 1,681 schools, colleges and universities • 560 healthcare facilities • Pennsylvania Health Services Company (operates 400 hospitals & healthcare facilities)
10 Healthcare data breaches have increased significantly. According to the HIPAA Journal’s 2020 Healthcare Data Breach Report, the healthcare industry in 2020 had the third largest number of data breaches on record since 2009. Healthcare Industry Under Attack
11 Entities With the Most Data Breaches (per HIPAA Journal): Healthcare Industry Under Attack, Part II
Top Data Breaches of 2021 TLP: WHITE 12 In 2021, HHS received reports of data breaches from 578 healthcare organizations, impacting more than 41.45 million individuals. The following list is of organizations with the most individuals affected in 2021: • Florida Pediatric Health Pediatric Organization: 3.5 million • Florida Vision Care Provider: 3.25 million • Wisconsin Dermatologist: 2.41 million • Texas Health Network: 1.66 million • Indiana General Health Provider: 1.52 million • Ohio Pharmacy Network: 1.47 million • Georgia Health Network: 1.4 million • Nevada University Health Center: 1.3 million • New York Anesthesiologist: 1.27 million • New York Medical Management Solutions Provider: 1.21 million In January 2022, 38 organizations reported nearly 2 million individuals were impacted by data breaches.
13 Top Threats Against Electronic Medical & Health Records • Phishing Attacks • Malware & Ransomware Attacks • Encryption Blind Spots • Cloud Threats • Employees
14 Phishing Attacks A phishing attack is a type of social engineering attack where the threat actor pretends to be a trusted source and tricks their target into opening an email or clicking a link, revealing their login credentials and depositing malware. You can protect EMRs/EHRs by doing the following: • Educate healthcare professionals • Do not click links within an email that do not match, or has a TLD associated with suspicious sites • Physicians should verify all EHR file-share requests before sending any data
15 Malware and Ransomware Attacks Malware enters a healthcare system’s computer network through software vulnerabilities, encrypted traffic, downloads, and phishing attacks. The effect of each type of malware attack ranges from data theft to harming host computers and networks. Ransomware is a type of malware that locks users out of their network system or computer until the threat actor or hacker who launched the attack is paid for regained access to data, information, and files. This could be dangerous for hospitals, healthcare facilities, and others who rely on EHRs or EMRs for up-to- date information to provide patient care.
16 Encryption Blind Spots Data encryption protects and secures EMR/EHR data while it is being transferred between on-site users and external cloud applications. Blind spots in encrypted traffic could pose a threat to IT healthcare because threat actors or hackers are able to use encrypted blind spots to avoid detection, hide, and execute their targeted attack. Also helps with HIPAA, FISMA, and Sarbanes-Oxley Act of 2002 compliance.
17 Cloud Threats More healthcare organizations are using Cloud services to improve patient care, so there is an increasing need to keep private data secure while complying with HIPAA.
18 Employees: Insider Threats Insider threats apply across industries, including the heath sector. It is recommended that your healthcare organization has a cybersecurity strategy and policy that’s not only understood but followed and enforced. An effective strategy involves: • Educating all healthcare partners and staff • Enhancing administrative controls • Monitoring physical and system access • Creating workstation usage policies o Auditing and monitoring system users o Employing device and media controls o Applying data encryption
19 Data breaches targeting EMRs/EHRs have been costly for the healthcare industry. According to IBM, the average cost per incident in 2021 was $9.3 million, and there were 40 million patient records compromised. HIPAA developed four tiers of penalties for failure to protect PHI: First Tier: $100-$50K per incident (up to $1.5M) Second Tier: $1,000-$50K (up to $1.5M) Third Tier: $10,000-$50,000 (up to $1.5M) per incident Fourth Tier: at least $50,000 (up to $1.5M) per incident Costs of Data Breach
20 Protecting EMR & EHR Data Here are a few strategies that healthcare leaders should consider to strengthen their organization’s cyber posture: • Evaluate risk before an attack • Use VPN with multifactor authentication (MFA) • Develop an endpoint hardening strategy • Endpoint Detection and Response (EDR) • Protect emails and patient health records • Engage Cyber Threat Hunters • Conduct red team / blue team exercises • Moving beyond prevention
21 Protecting EMR & EHR Data – Evaluate Risk Before an Attack Healthcare leaders should understand where operational vulnerabilities exist in their organization, from marketing all the way down to critical health records. By understanding the scope of the task at hand, management and other healthcare leaders can create a preparedness plan to address any weaknesses in digital infrastructure.
22 Protecting EMR & EHR Data – Use VPN with MFA Leaders in the healthcare industry should consider developing a strategy to combat ransomware that targets Remote Desktop Protocol (RDP) and other applications that face the Internet. Healthcare leaders should also consider adding a VPN with multifactor authentication to avoid exposing their RDP and prioritize patching for vulnerabilities in VPN platform and other applications.
23 Protecting EMR & EHR Data – Develop Endpoint Hardening Strategy with EDR Developing an endpoint hardening strategy allows healthcare leaders the ability to harden their digital infrastructure with multiple defense layers at various endpoints. This strategy also detects and contains an attack before it can reach patient medical records or other sensitive information. Endpoint Detection and Response (EDR) should also be added to detect and mitigate cyber threats.
24 Protecting EMR & EHR Data – Emails & Patient Health Records It is imperative that patient health records and emails are protected. In addition to threat actors using Remote Desktop Protocol (RDP) to gain access, HIVE ransomware attacks malicious files attached to phishing emails to gain access to health records and company systems. Email security software with URL filtering and attachment sandboxing is recommended as a mitigation strategy.
25 Protecting EMR & EHR Data – Engage Cyber Threat Hunters Threat hunting is a proactive practice that finds threat actors or hackers who have infiltrated a network’s initial endpoint security defenses. This type of human threat detection capability operates as an extension of the organization’s cyber team that will track, prevent, or even stop potential cyber attacks on an organization.
26 Protecting EMR & EHR Data – Conduct Red Team / Blue Team Exercises Red and blue team exercises are essentially a face-off between two teams of highly trained cybersecurity professionals: • Red Team uses real-world adversary tradecraft to compromise the environment. • Blue Team consists of incident responders who work within the security unit to identify, assess and respond to the intrusion. These exercises are imperative to understanding issues with an organization's network, vulnerabilities and other possible security gaps.
27 Protecting EMR & EHR Data – Moving Beyond Prevention It is recommended that healthcare leaders shift their focus by moving beyond a prevention strategy and creating a proactive preparedness plan. This helps understand vulnerabilities in the current network landscape and provides guidance needed for framework that will be effective in identifying and preventing attacks, which is key to protecting EMRs/EHRs, along with access to vital patient data.
Reference Materials
29 • Duffin, Sonya. “Top 10 Cybersecurity Best Practices to Combat Ransomware,” Threat Post. November 12, 2021. https://threatpost.com/cybersecurity-best-practices-ransomware/176316/. • Green, Jeff. “Disadvantages of EHR systems - dispelling your fears,” EHR Knowledge Zone. August 15, 2019. https://www.ehrinpractice.com/ehr-system-disadvantages.html. • “What are the Consequences of a Medical Record Breach,” American Retrieval. September 22,2020. https://www.americanretrieval.com/medical-records-breach. • O’Connor, Stephen. “Top 5 Risks You May Encounter After an EHR Software Implementation,” Advanced Data Systems Corruption. January 31, 2017. https://www.adsc.com/blog/top-5-risks-you-may-encounter- after-an-ehr-software-implementation. • Marchesini,Kathryn;Massihi, Ali. “4 Ways Using the HHS Security Risk Assessment Tool Can Help Your Organization,” Health IT Buzz. October 30, 2019. https://www.healthit.gov/buzz-blog/privacy-and-security- of-ehrs/4-ways-using-the-hhs-security-risk-assessment-tool-can-help-your-organization. • “2020 Healthcare Data Breach Report: 25% Increase in Breaches in 2020,” HIPAA Journal. January 19, 2021. https://www.hipaajournal.com/2020-healthcare-data-breach-report-us/. • “Programs/Electronic Medical Records(EMR),” MedixOnline. May 21, 2021. https://medixonline.ca/programs/electronic-medical-records-emr/. • Luyer, Eric M. “Cybersecurity Risks in Medical Devices Are Real,” MedTech Intelligence. February 23, 2017. https://www.medtechintelligence.com/feature_article/cybersecurity-risks-medical-devices-real/. • Cepero, Robert. “How Hospitals Can Protect Their EMR Data,” Bleuwire. December 16, 2020. https://bleuwire.com/how-hospitals-can-protect-their-emr-data/. References
30 • Cepero, Robert. “How Hospitals Can Protect Their EMR Data,” Bleuwire. December 16, 2020. https://bleuwire.com/how-hospitals-can-protect-their-emr-data/. • Vaidya, Anuja.“5 ways U.S. hospitals can protect against ‘imminent’ ransomware threat,” MedCityNews. October 29, 2020. https://medcitynews.com/2020/10/5-ways-u-s-hospitals-can-protect-against-imminent- ransomware-threat/. • “Understanding EMR vs. EHR,” NextGen Healthcare. July 19, 2019. https://nextgen.com/insights/emr-vs- ehr/emr-vs-ehr. • “Why is PHI Valuable to Criminals?,” Compliancy Group. November 16, 2020. https://compliancy-group.com/why-is-phi-valuable-to-criminals/. • Taylor, Tori. “Hackers, Breaches, and the Value of Healthcare Data.” December 8, 2021. https://www.securelink.com/blog/healthcare-data-new-prize-hackers/. • Adams, Katie. “10 Biggest Patient Data Breaches in 2021,”Becker Hospital Review. December 7,2021. https://www.beckershospitalreview.com/cybersecurity/10-biggest-patient-data-breaches-in-2021.html. • “Costs of a Data Breach Report 2021,” IBM Security. July 28, 2021. https://www.ibm.com/downloads/cas/OJDVQGRY#:~:text=Healthcare%20organizations%20experienced%20th e%20highest,industries%2C%20and%20year%20over%20year. • Deford, Drex. “Under Siege: How Healthcare Organizations Can Fight Back,” CPO Magazine. November 25,2021. https://www.cpomagazine.com/cyber-security/under-siege-how-healthcare-organizations-can-fight- back/. • Kumar, S.Rakesh, Gayathri,N. Muthuramalingam,S., Balamurugan, B, Ramesh,C., Nallakaruppan, M.K. “Medical Big Data Mining and Processing in e-Healthcare,” Internet of Things in BioMedical Engineering. November 1,2019. https://www.sciencedirect.com/topics/engineering/electronic-health-record . References
31 • “What Is An EMR? About EMR Systems - Electronic Medical Records,” Healthcare IT Skills. January 5, 2020. https://healthcareitskills.com/what-is-an-emr-ehr/. • “The 10 Most Common Inpatient EHR Systems by 2021 Market Share,” Definitive Healthcare https://www.mdhinsight.com/services/emr-data-extraction. • Zelinska, Solomija. “Which Types of EMR/EHR Systems are the Best for Your Business,”Empeek. March 5, 2021. https://empeek.com/which-types-of-emr-ehr-systems-are-the-best-for-your-business/ . References
? Questions
33 Questions Upcoming Briefs • 3/3 – Healthcare Cybersecurity: 2021 Year-in-Review / A Look Forward to 2022 Requests for Information Need information on a specific cybersecurity topic? Send your request for information (RFI) to HC3@HHS.GOV. Product Evaluations Recipients of this and other Healthcare Sector Cybersecurity Coordination Center (HC3) Threat Intelligence products are highly encouraged to provide feedback. If you wish to provide feedback, please complete the HC3 Customer Feedback Survey. Disclaimer These recommendations are advisory and are not to be considered as Federal directives or standards. Representatives should review and apply the guidance based on their own requirements and discretion. HHS does not endorse any specific person, entity, product, service, or enterprise.
34 About Us HC3 works with private and public sector partners to improve cybersecurity throughout the Healthcare and Public Health (HPH) Sector Sector & Victim Notifications White Papers Direct communications to victims or potential victims of compromises, vulnerable equipment or PII/PHI theft, as well as general notifications to the HPH about current impacting threats via the HHS OIG. Document that provides in-depth information on a cybersecurity topic to increase comprehensive situational awareness and provide risk recommendations to a wide audience. Threat Briefings & Webinar Briefing presentations that provide actionable information on health sector cybersecurity threats and mitigations. Analysts present current cybersecurity topics, engage in discussions with participants on current threats, and highlight best practices and mitigation tactics. Need information on a specific cybersecurity topic, or want to join our Listserv? Send your request for information (RFI) to HC3@HHS.GOV,or visit us at www.HHS.Gov/HC3. Products
Contact www.HHS.GOV/HC3 HC3@HHS.GOV

Recommended

telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptx
RiyaMathur18
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Hybrid Cloud
 
Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on Cloud
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
ClearDATACloud
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicaux
Market iT
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A review
journalBEEI
 
Medical Security [EN] .pdf
Medical Security [EN] .pdfMedical Security [EN] .pdf
Medical Security [EN] .pdf
Snarky Security
 
Running head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docxRunning head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docx
wlynn1
 

Recommended

telemedicineppt.pptx
telemedicineppt.pptxtelemedicineppt.pptx
telemedicineppt.pptx
RiyaMathur18
 
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Protecting Data in the Healthcare Industry - Storage Made Easy - Osterman Res...
Hybrid Cloud
 
Risk management in Healthcare on Cloud
Risk management in Healthcare on CloudRisk management in Healthcare on Cloud
Risk management in Healthcare on Cloud
Sandeep Sharma IIMK Smart City,IoT,Bigdata,Cloud,BI,DW
 
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
5 Ways Technology Vendors Put Their Healthcare Customer's PHI at Risk
ClearDATACloud
 
Cybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicauxCybersécurité des dispositifs médicaux
Cybersécurité des dispositifs médicaux
Market iT
 
Security issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A reviewSecurity issues and framework of electronic medical record: A review
Security issues and framework of electronic medical record: A review
journalBEEI
 
Medical Security [EN] .pdf
Medical Security [EN] .pdfMedical Security [EN] .pdf
Medical Security [EN] .pdf
Snarky Security
 
Running head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docxRunning head Information security threats 1Information secur.docx
Running head Information security threats 1Information secur.docx
wlynn1
 
Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
Sparity1
 
Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...
Venkat Projects
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
Kapil Mehrotra
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
ijsptm
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
Techugo
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?
Stephen Cobb
 
Healthcare data breach
Healthcare data breachHealthcare data breach
Healthcare data breach
healthsoftware
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudCheryl Goldberg
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudCheryl Goldberg
 
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Medical Transcription Service Company
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
mihinpr
 
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Health 2Conf
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
ssuserf9c51d
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Novell
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
Juliette Foine
 
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET Journal
 
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdfAchieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
Triyam Inc
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
Health IT Conference – iHT2
 
Antares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdfAntares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdf
MOHAMMED YASER HUSSAIN
 
Pharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdfPharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdf
MOHAMMED YASER HUSSAIN
 

More Related Content

Similar to 2022-02-17-1300-emr-in-healthcare-tlpwhite.pdf

Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
Sparity1
 
Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...
Venkat Projects
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
Kapil Mehrotra
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
ijsptm
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
Techugo
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?
Stephen Cobb
 
Healthcare data breach
Healthcare data breachHealthcare data breach
Healthcare data breach
healthsoftware
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudCheryl Goldberg
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudCheryl Goldberg
 
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Medical Transcription Service Company
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
mihinpr
 
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Health 2Conf
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
ssuserf9c51d
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Novell
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
ramsetl
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
Brian Matteson, CISSP CISA
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
Juliette Foine
 
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET Journal
 
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdfAchieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
Triyam Inc
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
Health IT Conference – iHT2
 

Similar to 2022-02-17-1300-emr-in-healthcare-tlpwhite.pdf (20)

Why healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdfWhy healthcare is the biggest target for cyberattacks-converted.pdf
Why healthcare is the biggest target for cyberattacks-converted.pdf
 
Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...Security and privacy preserving challenges of e-health solutions in cloud com...
Security and privacy preserving challenges of e-health solutions in cloud com...
 
Big data and cyber security legal risks and challenges
Big data and cyber security legal risks and challengesBig data and cyber security legal risks and challenges
Big data and cyber security legal risks and challenges
 
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
AVAILABILITY, ACCESSIBILITY, PRIVACY AND SAFETY ISSUES FACING ELECTRONIC MEDI...
 
Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch Constructing a HIPAA-compliant healthcare app from scratch
Constructing a HIPAA-compliant healthcare app from scratch
 
The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?The mobile health IT security challenge: way bigger than HIPAA?
The mobile health IT security challenge: way bigger than HIPAA?
 
Healthcare data breach
Healthcare data breachHealthcare data breach
Healthcare data breach
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
 
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_CloudPerspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
Perspecsys_Best_Practices_Guide_for_Protecting_Healthcare_Data_in_the_Cloud
 
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018Overcoming Major Electronic Health Record (EHR) Challenges in 2018
Overcoming Major Electronic Health Record (EHR) Challenges in 2018
 
Panel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie WaggonerPanel Cyber Security and Privacy without Carrie Waggoner
Panel Cyber Security and Privacy without Carrie Waggoner
 
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
Healthcare Events 2024 To Discuss Cybersecurity Measures For Protecting Patie...
 
Systems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docxSystems AdminstratorAs your systems administrator  person I am.docx
Systems AdminstratorAs your systems administrator  person I am.docx
 
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECHInformation Security & Compliance in Healthcare: Beyond HIPAA and HITECH
Information Security & Compliance in Healthcare: Beyond HIPAA and HITECH
 
Insider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdfInsider_Threats_in_Healthcare_1651617236.pdf
Insider_Threats_in_Healthcare_1651617236.pdf
 
Healthcare and Cyber security
Healthcare and Cyber securityHealthcare and Cyber security
Healthcare and Cyber security
 
Pharmaceutical companies and security
Pharmaceutical companies and securityPharmaceutical companies and security
Pharmaceutical companies and security
 
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud ComputingIRJET- Comprehensive Study of E-Health Security in Cloud Computing
IRJET- Comprehensive Study of E-Health Security in Cloud Computing
 
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdfAchieving Cloud-based Healthcare without Jeopardizing Data.pdf
Achieving Cloud-based Healthcare without Jeopardizing Data.pdf
 
2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum2015 Atlanta CHIME Lead Forum
2015 Atlanta CHIME Lead Forum
 

More from MOHAMMED YASER HUSSAIN

Antares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdfAntares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdf
MOHAMMED YASER HUSSAIN
 
Pharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdfPharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdf
MOHAMMED YASER HUSSAIN
 
2022-04-novartis-new-organizational-model-presentation.pdf
2022-04-novartis-new-organizational-model-presentation.pdf2022-04-novartis-new-organizational-model-presentation.pdf
2022-04-novartis-new-organizational-model-presentation.pdf
MOHAMMED YASER HUSSAIN
 
Investor-Presentation-Q1-1.pdf
Investor-Presentation-Q1-1.pdfInvestor-Presentation-Q1-1.pdf
Investor-Presentation-Q1-1.pdf
MOHAMMED YASER HUSSAIN
 
SPIL-IR-Presentation-September-2022-INR.pdf
SPIL-IR-Presentation-September-2022-INR.pdfSPIL-IR-Presentation-September-2022-INR.pdf
SPIL-IR-Presentation-September-2022-INR.pdf
MOHAMMED YASER HUSSAIN
 
Roche_Genentech_Company_Presentation_2022.pdf
Roche_Genentech_Company_Presentation_2022.pdfRoche_Genentech_Company_Presentation_2022.pdf
Roche_Genentech_Company_Presentation_2022.pdf
MOHAMMED YASER HUSSAIN
 
2022-Full-Year-Investor-Presentation.pdf
2022-Full-Year-Investor-Presentation.pdf2022-Full-Year-Investor-Presentation.pdf
2022-Full-Year-Investor-Presentation.pdf
MOHAMMED YASER HUSSAIN
 
MHS-2022-IHCP-Roadshow-Presentation.pdf
MHS-2022-IHCP-Roadshow-Presentation.pdfMHS-2022-IHCP-Roadshow-Presentation.pdf
MHS-2022-IHCP-Roadshow-Presentation.pdf
MOHAMMED YASER HUSSAIN
 
AMN-Investor-Presentation-May-2022-FINAL.pdf
AMN-Investor-Presentation-May-2022-FINAL.pdfAMN-Investor-Presentation-May-2022-FINAL.pdf
AMN-Investor-Presentation-May-2022-FINAL.pdf
MOHAMMED YASER HUSSAIN
 
ASCO-2022-IR-Presentation.pdf
ASCO-2022-IR-Presentation.pdfASCO-2022-IR-Presentation.pdf
ASCO-2022-IR-Presentation.pdf
MOHAMMED YASER HUSSAIN
 
DHA Industry Day Slides 2022 v5.pdf
DHA Industry Day Slides 2022 v5.pdfDHA Industry Day Slides 2022 v5.pdf
DHA Industry Day Slides 2022 v5.pdf
MOHAMMED YASER HUSSAIN
 
asx_20220223_2345299.pdf
asx_20220223_2345299.pdfasx_20220223_2345299.pdf
asx_20220223_2345299.pdf
MOHAMMED YASER HUSSAIN
 
Tenet-2022-JPM-Presentation.pdf
Tenet-2022-JPM-Presentation.pdfTenet-2022-JPM-Presentation.pdf
Tenet-2022-JPM-Presentation.pdf
MOHAMMED YASER HUSSAIN
 
AHEL-Investor-Presentation-June-22-INR.pdf
AHEL-Investor-Presentation-June-22-INR.pdfAHEL-Investor-Presentation-June-22-INR.pdf
AHEL-Investor-Presentation-June-22-INR.pdf
MOHAMMED YASER HUSSAIN
 
q2-2022-investor-presentation.pdf
q2-2022-investor-presentation.pdfq2-2022-investor-presentation.pdf
q2-2022-investor-presentation.pdf
MOHAMMED YASER HUSSAIN
 
5.CRCRole_Documentation.pdf
5.CRCRole_Documentation.pdf5.CRCRole_Documentation.pdf
5.CRCRole_Documentation.pdf
MOHAMMED YASER HUSSAIN
 
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdfHandout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
MOHAMMED YASER HUSSAIN
 
Elsevier.How to write a world-class paper.pdf
Elsevier.How to write a world-class paper.pdfElsevier.How to write a world-class paper.pdf
Elsevier.How to write a world-class paper.pdf
MOHAMMED YASER HUSSAIN
 
omega-healthcare-new-investor-presentation-4q21-april-2022.pdf
omega-healthcare-new-investor-presentation-4q21-april-2022.pdfomega-healthcare-new-investor-presentation-4q21-april-2022.pdf
omega-healthcare-new-investor-presentation-4q21-april-2022.pdf
MOHAMMED YASER HUSSAIN
 
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdfHealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
MOHAMMED YASER HUSSAIN
 

More from MOHAMMED YASER HUSSAIN (20)

Antares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdfAntares_Investor_Presentation_March_2022.pdf
Antares_Investor_Presentation_March_2022.pdf
 
Pharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdfPharma RD Webinar 2022.pdf
Pharma RD Webinar 2022.pdf
 
2022-04-novartis-new-organizational-model-presentation.pdf
2022-04-novartis-new-organizational-model-presentation.pdf2022-04-novartis-new-organizational-model-presentation.pdf
2022-04-novartis-new-organizational-model-presentation.pdf
 
Investor-Presentation-Q1-1.pdf
Investor-Presentation-Q1-1.pdfInvestor-Presentation-Q1-1.pdf
Investor-Presentation-Q1-1.pdf
 
SPIL-IR-Presentation-September-2022-INR.pdf
SPIL-IR-Presentation-September-2022-INR.pdfSPIL-IR-Presentation-September-2022-INR.pdf
SPIL-IR-Presentation-September-2022-INR.pdf
 
Roche_Genentech_Company_Presentation_2022.pdf
Roche_Genentech_Company_Presentation_2022.pdfRoche_Genentech_Company_Presentation_2022.pdf
Roche_Genentech_Company_Presentation_2022.pdf
 
2022-Full-Year-Investor-Presentation.pdf
2022-Full-Year-Investor-Presentation.pdf2022-Full-Year-Investor-Presentation.pdf
2022-Full-Year-Investor-Presentation.pdf
 
MHS-2022-IHCP-Roadshow-Presentation.pdf
MHS-2022-IHCP-Roadshow-Presentation.pdfMHS-2022-IHCP-Roadshow-Presentation.pdf
MHS-2022-IHCP-Roadshow-Presentation.pdf
 
AMN-Investor-Presentation-May-2022-FINAL.pdf
AMN-Investor-Presentation-May-2022-FINAL.pdfAMN-Investor-Presentation-May-2022-FINAL.pdf
AMN-Investor-Presentation-May-2022-FINAL.pdf
 
ASCO-2022-IR-Presentation.pdf
ASCO-2022-IR-Presentation.pdfASCO-2022-IR-Presentation.pdf
ASCO-2022-IR-Presentation.pdf
 
DHA Industry Day Slides 2022 v5.pdf
DHA Industry Day Slides 2022 v5.pdfDHA Industry Day Slides 2022 v5.pdf
DHA Industry Day Slides 2022 v5.pdf
 
asx_20220223_2345299.pdf
asx_20220223_2345299.pdfasx_20220223_2345299.pdf
asx_20220223_2345299.pdf
 
Tenet-2022-JPM-Presentation.pdf
Tenet-2022-JPM-Presentation.pdfTenet-2022-JPM-Presentation.pdf
Tenet-2022-JPM-Presentation.pdf
 
AHEL-Investor-Presentation-June-22-INR.pdf
AHEL-Investor-Presentation-June-22-INR.pdfAHEL-Investor-Presentation-June-22-INR.pdf
AHEL-Investor-Presentation-June-22-INR.pdf
 
q2-2022-investor-presentation.pdf
q2-2022-investor-presentation.pdfq2-2022-investor-presentation.pdf
q2-2022-investor-presentation.pdf
 
5.CRCRole_Documentation.pdf
5.CRCRole_Documentation.pdf5.CRCRole_Documentation.pdf
5.CRCRole_Documentation.pdf
 
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdfHandout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
Handout-Structure-of-med-res-paper-RG-checklists_FINAL.pdf
 
Elsevier.How to write a world-class paper.pdf
Elsevier.How to write a world-class paper.pdfElsevier.How to write a world-class paper.pdf
Elsevier.How to write a world-class paper.pdf
 
omega-healthcare-new-investor-presentation-4q21-april-2022.pdf
omega-healthcare-new-investor-presentation-4q21-april-2022.pdfomega-healthcare-new-investor-presentation-4q21-april-2022.pdf
omega-healthcare-new-investor-presentation-4q21-april-2022.pdf
 
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdfHealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
HealthCare-Global-HCG-Q2FY18-Investor-Presentation.pdf
 

Recently uploaded

VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
rajkumar669520
 
Artificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular TherapyArtificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular Therapy
Iris Thiele Isip-Tan
 
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
ranishasharma67
 
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.pptNursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Rommel Luis III Israel
 
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
ranishasharma67
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
priyabhojwani1200
 
HEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptxHEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptx
priyabhojwani1200
 
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
Ameena Kadar
 
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
o6ov5dqmf
 
The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........
TheDocs
 
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
The Lifesciences Magazine
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
The Harvest Clinic
 
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptxBOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
AnushriSrivastav
 
Myopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptxMyopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptx
RitonDeb1
 
Navigating Healthcare with Telemedicine
Navigating Healthcare with TelemedicineNavigating Healthcare with Telemedicine
Navigating Healthcare with Telemedicine
Iris Thiele Isip-Tan
 
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Guillermo Rivera
 
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
ranishasharma67
 
CANCER CANCER CANCER CANCER CANCER CANCER
CANCER CANCER CANCER CANCER CANCER CANCERCANCER CANCER CANCER CANCER CANCER CANCER
CANCER CANCER CANCER CANCER CANCER CANCER
KRISTELLEGAMBOA2
 
A Community health , health for prisoners
A Community health , health for prisonersA Community health , health for prisoners
A Community health , health for prisoners
Ahmed Elmi
 
CONSTRUCTION OF TEST IN MANAGEMENT .docx
CONSTRUCTION OF TEST IN MANAGEMENT .docxCONSTRUCTION OF TEST IN MANAGEMENT .docx
CONSTRUCTION OF TEST IN MANAGEMENT .docx
PGIMS Rohtak
 

Recently uploaded (20)

VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
VVIP Dehradun Girls 9719300533 Heat-bake { Dehradun } Genteel ℂall Serviℂe By...
 
Artificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular TherapyArtificial Intelligence to Optimize Cardiovascular Therapy
Artificial Intelligence to Optimize Cardiovascular Therapy
 
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
💘Ludhiana ℂall Girls 📞]][89011★83002][[ 📱 ❤ESCORTS service in Ludhiana💃💦Ludhi...
 
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.pptNursing Care of Client With Acute And Chronic Renal Failure.ppt
Nursing Care of Client With Acute And Chronic Renal Failure.ppt
 
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
Contact ME {89011**83002} Haridwar ℂall Girls By Full Service Call Girl In Ha...
 
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptxGLOBAL WARMING BY PRIYA BHOJWANI @..pptx
GLOBAL WARMING BY PRIYA BHOJWANI @..pptx
 
HEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptxHEAT WAVE presented by priya bhojwani..pptx
HEAT WAVE presented by priya bhojwani..pptx
 
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......POLYCYSTIC OVARIAN SYNDROME (PCOS)......
POLYCYSTIC OVARIAN SYNDROME (PCOS)......
 
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
一比一原版纽约大学毕业证(NYU毕业证)成绩单留信认证
 
The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........The Docs PPG - 30.05.2024.pptx..........
The Docs PPG - 30.05.2024.pptx..........
 
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
Deep Leg Vein Thrombosis (DVT): Meaning, Causes, Symptoms, Treatment, and Mor...
 
Telehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptxTelehealth Psychology Building Trust with Clients.pptx
Telehealth Psychology Building Trust with Clients.pptx
 
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptxBOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
BOWEL ELIMINATION BY ANUSHRI SRIVASTAVA.pptx
 
Myopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptxMyopia Management & Control Strategies.pptx
Myopia Management & Control Strategies.pptx
 
Navigating Healthcare with Telemedicine
Navigating Healthcare with TelemedicineNavigating Healthcare with Telemedicine
Navigating Healthcare with Telemedicine
 
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
Navigating Challenges: Mental Health, Legislation, and the Prison System in B...
 
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
GURGAON Call Girls ❤8901183002❤ #ℂALL# #gIRLS# In GURGAON ₹,2500 Cash Payment...
 
CANCER CANCER CANCER CANCER CANCER CANCER
CANCER CANCER CANCER CANCER CANCER CANCERCANCER CANCER CANCER CANCER CANCER CANCER
CANCER CANCER CANCER CANCER CANCER CANCER
 
A Community health , health for prisoners
A Community health , health for prisonersA Community health , health for prisoners
A Community health , health for prisoners
 
CONSTRUCTION OF TEST IN MANAGEMENT .docx
CONSTRUCTION OF TEST IN MANAGEMENT .docxCONSTRUCTION OF TEST IN MANAGEMENT .docx
CONSTRUCTION OF TEST IN MANAGEMENT .docx
 

2022-02-17-1300-emr-in-healthcare-tlpwhite.pdf

  • 1. Electronic Medical Records in Healthcare 02/17/2022 TLP: WHITE, ID# 202202171300
  • 2. Agenda 2 • What Is an EMR, and How Is It Used in Healthcare? • Top EHR Software Used in Hospitals • Benefits & Risks of Using EMR/HER • Why EMRs/EHRs Are Valuable to Cyber Attackers • How Are EMR/EHRs Stored and Handled? • EMR Compromised, Healthcare & Critical Industries Hacked • Healthcare Industry Under Attack • Healthcare Industry Under Attack, Part II • Top Data Breaches of 2021 • Top Threats Against Electronic Medical & Health Records • Costs of Data Breach • Protecting EMR & EHR Data • References Non-Technical: Managerial, strategic and high- level (general audience) Technical: Tactical / IOCs; requiring in-depth knowledge (sysadmins, IRT) Slides Key:
  • 3. 3 Electronic medical records (EMRs) and electronic health records (EHRs) are often used interchangeably. An EMR allows the electronic entry, storage, and maintenance of digital medical data. EHR contains the patient's records from doctors and includes demographics, test results, medical history, history of present illness (HPI), and medications. EMRs are part of EHRs and contain the following: • Patient registration, billing, preventive screenings, or checkups • Patient appointment and scheduling • Tracking patient data over time • Monitoring and improving overall quality of care What Is an EMR and How Is It Used in Healthcare? EMR vs EHR Electronic healthcare record process diagram
  • 4. 4 Top EMR/EHR Software Systems Used in Hospitals Top 10 Inpatient EHR Vendors by Market Share Courtesy of Definitive Healthcare's HospitalView. (June 2021)
  • 5. 5 Benefits and Risks of Using EMR/EHR Some risks of using electronic medical records / electronic health records are: The risks to EHRs relate primarily to a range of factors that include user-related issues, financial issues and design flaws that create barriers to using them as an effective tool to deliver healthcare services. EMR is also a top target in healthcare breaches. Additional risks are as follows: • Security or privacy issues • Potentially vulnerable to hacking • Data can be lost or destroyed • Inaccurate paper-to-computer transmission • Cause of treatment error Some benefits of using electronic medical records and electronic health records are: • Comprehensive patient-history records • Makes patient data shareable • Improved quality of care • Convenience and efficiency
  • 6. 6 Why EMRs/EHRs Are Valuable to Cyber Attackers EMR/EHRs are valuable to cyber attackers because of the Protected Health Information (PHI) it contains and the profit they can make on the dark web or black market. These 18 identifiers provide criminals with more information than any other breached record. Extortion, fraud, identity theft, data laundering, Hacktivist / Promoting Political Agenda and Sabotage are some ways cyber attackers use this data for profit. HIPAA Protected Health Identifiers (PHI) Names Dates, except year Telephone numbers Geographic data FAX numbers Social Security numbers Email addresses Medical record numbers Account numbers Health plan beneficiary numbers Certificate/license numbers Vehicle identifiers and serial numbers including license plates Web URLs Device identifiers and serial numbers Internet protocol (IP) addresses Full face photos and comparable images Biometric identifiers (i.e. retinal scan, fingerprints) Any unique identifying number or code
  • 7. 7 Why EMRs/EHRs Are Valuable to Cyber Attackers, Part II According to IBM, stolen healthcare data is the most valuable, as the graph below shows:
  • 8. 8 How EMRs/EHRs Are Stored and Handled EMR / EHR data is stored on dedicated servers in specific, known physical locations.
  • 9. 9 EMR Compromised, Healthcare & Critical Industries Hacked In 2020, at least 2,354 U.S. government, healthcare facilities and schools were impacted by a significant increase in ransomware. The cyber attacks caused significant disruption across the healthcare industry. Organizations impacted by these attacks are as follows: • 113 federal, state and municipal governments and agencies • 1,681 schools, colleges and universities • 560 healthcare facilities • Pennsylvania Health Services Company (operates 400 hospitals & healthcare facilities)
  • 10. 10 Healthcare data breaches have increased significantly. According to the HIPAA Journal’s 2020 Healthcare Data Breach Report, the healthcare industry in 2020 had the third largest number of data breaches on record since 2009. Healthcare Industry Under Attack
  • 11. 11 Entities With the Most Data Breaches (per HIPAA Journal): Healthcare Industry Under Attack, Part II
  • 12. Top Data Breaches of 2021 TLP: WHITE 12 In 2021, HHS received reports of data breaches from 578 healthcare organizations, impacting more than 41.45 million individuals. The following list is of organizations with the most individuals affected in 2021: • Florida Pediatric Health Pediatric Organization: 3.5 million • Florida Vision Care Provider: 3.25 million • Wisconsin Dermatologist: 2.41 million • Texas Health Network: 1.66 million • Indiana General Health Provider: 1.52 million • Ohio Pharmacy Network: 1.47 million • Georgia Health Network: 1.4 million • Nevada University Health Center: 1.3 million • New York Anesthesiologist: 1.27 million • New York Medical Management Solutions Provider: 1.21 million In January 2022, 38 organizations reported nearly 2 million individuals were impacted by data breaches.
  • 13. 13 Top Threats Against Electronic Medical & Health Records • Phishing Attacks • Malware & Ransomware Attacks • Encryption Blind Spots • Cloud Threats • Employees
  • 14. 14 Phishing Attacks A phishing attack is a type of social engineering attack where the threat actor pretends to be a trusted source and tricks their target into opening an email or clicking a link, revealing their login credentials and depositing malware. You can protect EMRs/EHRs by doing the following: • Educate healthcare professionals • Do not click links within an email that do not match, or has a TLD associated with suspicious sites • Physicians should verify all EHR file-share requests before sending any data
  • 15. 15 Malware and Ransomware Attacks Malware enters a healthcare system’s computer network through software vulnerabilities, encrypted traffic, downloads, and phishing attacks. The effect of each type of malware attack ranges from data theft to harming host computers and networks. Ransomware is a type of malware that locks users out of their network system or computer until the threat actor or hacker who launched the attack is paid for regained access to data, information, and files. This could be dangerous for hospitals, healthcare facilities, and others who rely on EHRs or EMRs for up-to- date information to provide patient care.
  • 16. 16 Encryption Blind Spots Data encryption protects and secures EMR/EHR data while it is being transferred between on-site users and external cloud applications. Blind spots in encrypted traffic could pose a threat to IT healthcare because threat actors or hackers are able to use encrypted blind spots to avoid detection, hide, and execute their targeted attack. Also helps with HIPAA, FISMA, and Sarbanes-Oxley Act of 2002 compliance.
  • 17. 17 Cloud Threats More healthcare organizations are using Cloud services to improve patient care, so there is an increasing need to keep private data secure while complying with HIPAA.
  • 18. 18 Employees: Insider Threats Insider threats apply across industries, including the heath sector. It is recommended that your healthcare organization has a cybersecurity strategy and policy that’s not only understood but followed and enforced. An effective strategy involves: • Educating all healthcare partners and staff • Enhancing administrative controls • Monitoring physical and system access • Creating workstation usage policies o Auditing and monitoring system users o Employing device and media controls o Applying data encryption
  • 19. 19 Data breaches targeting EMRs/EHRs have been costly for the healthcare industry. According to IBM, the average cost per incident in 2021 was $9.3 million, and there were 40 million patient records compromised. HIPAA developed four tiers of penalties for failure to protect PHI: First Tier: $100-$50K per incident (up to $1.5M) Second Tier: $1,000-$50K (up to $1.5M) Third Tier: $10,000-$50,000 (up to $1.5M) per incident Fourth Tier: at least $50,000 (up to $1.5M) per incident Costs of Data Breach
  • 20. 20 Protecting EMR & EHR Data Here are a few strategies that healthcare leaders should consider to strengthen their organization’s cyber posture: • Evaluate risk before an attack • Use VPN with multifactor authentication (MFA) • Develop an endpoint hardening strategy • Endpoint Detection and Response (EDR) • Protect emails and patient health records • Engage Cyber Threat Hunters • Conduct red team / blue team exercises • Moving beyond prevention
  • 21. 21 Protecting EMR & EHR Data – Evaluate Risk Before an Attack Healthcare leaders should understand where operational vulnerabilities exist in their organization, from marketing all the way down to critical health records. By understanding the scope of the task at hand, management and other healthcare leaders can create a preparedness plan to address any weaknesses in digital infrastructure.
  • 22. 22 Protecting EMR & EHR Data – Use VPN with MFA Leaders in the healthcare industry should consider developing a strategy to combat ransomware that targets Remote Desktop Protocol (RDP) and other applications that face the Internet. Healthcare leaders should also consider adding a VPN with multifactor authentication to avoid exposing their RDP and prioritize patching for vulnerabilities in VPN platform and other applications.
  • 23. 23 Protecting EMR & EHR Data – Develop Endpoint Hardening Strategy with EDR Developing an endpoint hardening strategy allows healthcare leaders the ability to harden their digital infrastructure with multiple defense layers at various endpoints. This strategy also detects and contains an attack before it can reach patient medical records or other sensitive information. Endpoint Detection and Response (EDR) should also be added to detect and mitigate cyber threats.
  • 24. 24 Protecting EMR & EHR Data – Emails & Patient Health Records It is imperative that patient health records and emails are protected. In addition to threat actors using Remote Desktop Protocol (RDP) to gain access, HIVE ransomware attacks malicious files attached to phishing emails to gain access to health records and company systems. Email security software with URL filtering and attachment sandboxing is recommended as a mitigation strategy.
  • 25. 25 Protecting EMR & EHR Data – Engage Cyber Threat Hunters Threat hunting is a proactive practice that finds threat actors or hackers who have infiltrated a network’s initial endpoint security defenses. This type of human threat detection capability operates as an extension of the organization’s cyber team that will track, prevent, or even stop potential cyber attacks on an organization.
  • 26. 26 Protecting EMR & EHR Data – Conduct Red Team / Blue Team Exercises Red and blue team exercises are essentially a face-off between two teams of highly trained cybersecurity professionals: • Red Team uses real-world adversary tradecraft to compromise the environment. • Blue Team consists of incident responders who work within the security unit to identify, assess and respond to the intrusion. These exercises are imperative to understanding issues with an organization's network, vulnerabilities and other possible security gaps.
  • 27. 27 Protecting EMR & EHR Data – Moving Beyond Prevention It is recommended that healthcare leaders shift their focus by moving beyond a prevention strategy and creating a proactive preparedness plan. This helps understand vulnerabilities in the current network landscape and provides guidance needed for framework that will be effective in identifying and preventing attacks, which is key to protecting EMRs/EHRs, along with access to vital patient data.
  • 29. 29 • Duffin, Sonya. “Top 10 Cybersecurity Best Practices to Combat Ransomware,” Threat Post. November 12, 2021. https://threatpost.com/cybersecurity-best-practices-ransomware/176316/. • Green, Jeff. “Disadvantages of EHR systems - dispelling your fears,” EHR Knowledge Zone. August 15, 2019. https://www.ehrinpractice.com/ehr-system-disadvantages.html. • “What are the Consequences of a Medical Record Breach,” American Retrieval. September 22,2020. https://www.americanretrieval.com/medical-records-breach. • O’Connor, Stephen. “Top 5 Risks You May Encounter After an EHR Software Implementation,” Advanced Data Systems Corruption. January 31, 2017. https://www.adsc.com/blog/top-5-risks-you-may-encounter- after-an-ehr-software-implementation. • Marchesini,Kathryn;Massihi, Ali. “4 Ways Using the HHS Security Risk Assessment Tool Can Help Your Organization,” Health IT Buzz. October 30, 2019. https://www.healthit.gov/buzz-blog/privacy-and-security- of-ehrs/4-ways-using-the-hhs-security-risk-assessment-tool-can-help-your-organization. • “2020 Healthcare Data Breach Report: 25% Increase in Breaches in 2020,” HIPAA Journal. January 19, 2021. https://www.hipaajournal.com/2020-healthcare-data-breach-report-us/. • “Programs/Electronic Medical Records(EMR),” MedixOnline. May 21, 2021. https://medixonline.ca/programs/electronic-medical-records-emr/. • Luyer, Eric M. “Cybersecurity Risks in Medical Devices Are Real,” MedTech Intelligence. February 23, 2017. https://www.medtechintelligence.com/feature_article/cybersecurity-risks-medical-devices-real/. • Cepero, Robert. “How Hospitals Can Protect Their EMR Data,” Bleuwire. December 16, 2020. https://bleuwire.com/how-hospitals-can-protect-their-emr-data/. References
  • 30. 30 • Cepero, Robert. “How Hospitals Can Protect Their EMR Data,” Bleuwire. December 16, 2020. https://bleuwire.com/how-hospitals-can-protect-their-emr-data/. • Vaidya, Anuja.“5 ways U.S. hospitals can protect against ‘imminent’ ransomware threat,” MedCityNews. October 29, 2020. https://medcitynews.com/2020/10/5-ways-u-s-hospitals-can-protect-against-imminent- ransomware-threat/. • “Understanding EMR vs. EHR,” NextGen Healthcare. July 19, 2019. https://nextgen.com/insights/emr-vs- ehr/emr-vs-ehr. • “Why is PHI Valuable to Criminals?,” Compliancy Group. November 16, 2020. https://compliancy-group.com/why-is-phi-valuable-to-criminals/. • Taylor, Tori. “Hackers, Breaches, and the Value of Healthcare Data.” December 8, 2021. https://www.securelink.com/blog/healthcare-data-new-prize-hackers/. • Adams, Katie. “10 Biggest Patient Data Breaches in 2021,”Becker Hospital Review. December 7,2021. https://www.beckershospitalreview.com/cybersecurity/10-biggest-patient-data-breaches-in-2021.html. • “Costs of a Data Breach Report 2021,” IBM Security. July 28, 2021. https://www.ibm.com/downloads/cas/OJDVQGRY#:~:text=Healthcare%20organizations%20experienced%20th e%20highest,industries%2C%20and%20year%20over%20year. • Deford, Drex. “Under Siege: How Healthcare Organizations Can Fight Back,” CPO Magazine. November 25,2021. https://www.cpomagazine.com/cyber-security/under-siege-how-healthcare-organizations-can-fight- back/. • Kumar, S.Rakesh, Gayathri,N. Muthuramalingam,S., Balamurugan, B, Ramesh,C., Nallakaruppan, M.K. “Medical Big Data Mining and Processing in e-Healthcare,” Internet of Things in BioMedical Engineering. November 1,2019. https://www.sciencedirect.com/topics/engineering/electronic-health-record . References
  • 31. 31 • “What Is An EMR? About EMR Systems - Electronic Medical Records,” Healthcare IT Skills. January 5, 2020. https://healthcareitskills.com/what-is-an-emr-ehr/. • “The 10 Most Common Inpatient EHR Systems by 2021 Market Share,” Definitive Healthcare https://www.mdhinsight.com/services/emr-data-extraction. • Zelinska, Solomija. “Which Types of EMR/EHR Systems are the Best for Your Business,”Empeek. March 5, 2021. https://empeek.com/which-types-of-emr-ehr-systems-are-the-best-for-your-business/ . References
  • 33. 33 Questions Upcoming Briefs • 3/3 – Healthcare Cybersecurity: 2021 Year-in-Review / A Look Forward to 2022 Requests for Information Need information on a specific cybersecurity topic? Send your request for information (RFI) to HC3@HHS.GOV. Product Evaluations Recipients of this and other Healthcare Sector Cybersecurity Coordination Center (HC3) Threat Intelligence products are highly encouraged to provide feedback. If you wish to provide feedback, please complete the HC3 Customer Feedback Survey. Disclaimer These recommendations are advisory and are not to be considered as Federal directives or standards. Representatives should review and apply the guidance based on their own requirements and discretion. HHS does not endorse any specific person, entity, product, service, or enterprise.
  • 34. 34 About Us HC3 works with private and public sector partners to improve cybersecurity throughout the Healthcare and Public Health (HPH) Sector Sector & Victim Notifications White Papers Direct communications to victims or potential victims of compromises, vulnerable equipment or PII/PHI theft, as well as general notifications to the HPH about current impacting threats via the HHS OIG. Document that provides in-depth information on a cybersecurity topic to increase comprehensive situational awareness and provide risk recommendations to a wide audience. Threat Briefings & Webinar Briefing presentations that provide actionable information on health sector cybersecurity threats and mitigations. Analysts present current cybersecurity topics, engage in discussions with participants on current threats, and highlight best practices and mitigation tactics. Need information on a specific cybersecurity topic, or want to join our Listserv? Send your request for information (RFI) to HC3@HHS.GOV,or visit us at www.HHS.Gov/HC3. Products