array(4) {
[0]=>
object(WP_Post)#12172 (24) {
["ID"]=>
int(130718)
["post_author"]=>
string(4) "3682"
["post_date"]=>
string(19) "2024-04-26 09:05:00"
["post_date_gmt"]=>
string(19) "2024-04-26 13:05:00"
["post_content"]=>
string(7543) "
An update to the Health Insurance Portability and Accountability Act (HIPAA) Security Rule is now underway with new cybersecurity requirements. In addition, the Department of Health and Human Services (HHS) is issuing new guidance for health care providers to help better prepare them on how best to respond to cyber threats.
The update is designed to help the health care sector build a more resilient system. HHS Healthcare Sector Cybersecurity has issued a concept paper that provides voluntary health care-specific Cybersecurity Performance Goals (CPGs) to help organizations prioritize implementation of high-impact cybersecurity practices. The practices are designed to improve cyber resiliency and ultimately protect patients’ health information and safety. “Hackers are getting wiser,” said Dotty Bollinger, JD, Healthcare Compliance Consultant, Compliancy Group, Greenlawn, New York. “I do believe cyberattacks are a greater threat than they've ever been, and unfortunately there is still a prevalent belief that ‘it won't happen to us.’”
The health care sector is particularly vulnerable to cybersecurity risks, and the stakes for patient care and safety are high. Health care facilities are attractive targets for cyber criminals because of their technological dependence and sensitive data. HHS tracks large data breaches through its Office for Civil Rights (OCR). The latest data show a 93% increase in large breaches (from 369 to 712) reported from 2018 to 2022. During that same period, there was a 278% increase in large breaches involving ransomware reported to OCR.
“I've seen so many well-meaning health care practices and providers build robust compliance programs only to skimp on cyber protections because the practice lacks expertise or money to make bold moves in cyber protection,” Bollinger said.
Recent cyber incidents affecting hospitals and health systems have led to widespread care disruptions with patients being diverted to other facilities. These attacks impact local emergency departments, radiology units, and cancer centers.
Currently, health care organizations have access to numerous cybersecurity standards and guidance. The HHS, with input from industry, is establishing voluntary sector-specific cybersecurity performance goals. These goals provide a clear direction for industry and help to inform potential future regulatory action. The Healthcare and Public Health Sector-Specific Cybersecurity Performance Goals (HPH CPGs) are designed to help health care institutions better prioritize the implementation of high-impact cybersecurity practices.
HHS envisions the establishment of 2 programs. One would include an upfront investment to help high-need health care providers, such as low-resourced hospitals. Funds would be allocated to cover the upfront costs associated with implementing “essential” HPH CPGs. A second program would provide incentives to encourage all hospitals to invest in advanced cybersecurity practices.
Given the increased risk profile of hospitals, HHS wants to have all hospitals meeting sector-specific CPGs in the coming years. With additional authorities and resources, HHS will propose incorporation of HPH CPGs into existing regulations and programs that will inform the creation of new enforceable cybersecurity standards.
An update to the HIPAA Security Rule is planned for this spring and it will include new cybersecurity requirements. Some of the ideas discussed involve letting patients inspect their protected health information (PHI) in person and allowing them to take notes or photographs of their PHI. Another change being discussed is shortening the maximum time to provide access to PHI from 30 days to 15 days.
While the pending changes have been talked about for quite some time, the operational impact to most providers will be minimal, Bollinger said. “I see these changes that essentially ease a patient's access to their own PHI as being really a codification of the service element,” she said. “It's the patient's PHIs. We live in an instant world with technology, and now we need to move promptly and in different ways to provide quick access.”
A serious concern is the tracking of patient data. HIPAA privacy requirements may be violated through data collection and its usage. “As a consumer of health care who is knowledgeable about security processes generally,” Bollinger said, I am concerned that aggregated data is allowing someone, the government, insurers, or health systems, to make assumptions about me based on this trending of patient data. With the presence of AI in health care, I'm even more concerned that individual privacy is at risk.”
Ryan Witt, vice president of Industry Solutions for Proofpoint in Sunnyvale, California, recommends that clinicians follow the guidance from the HHS’s 405(d) program. It aims to develop consensus-based best practices and methodologies to strengthen the health care and public health sector's cybersecurity preparedness. “It is highly likely that any subsequent HIPAA legislation will be tightly aligned to the 405(d) recommendations for enhanced cybersecurity resiliency,” Witt said.
The health care industry will always be vulnerable because of the high-value nature of its data. “Health care also stores a disproportionately large amount of data and often must keep that data for long periods, increasing the size of the attack surface,” Witt explained. “The industry also has many third-party workers and a significant number of remote workers, both of whom often use employee-owned devices, which complicates the attack vector.”
Proactive steps to help build a more resilient system for healthcare providers are warranted. Cyberattacks on health care organizations now are coming from all over the world, and they are escalating. “The risk is as great as has ever been and the resulting detrimental impact on patient care is a significant area of concern,” Witt said. “The guidance, for example from the 405(d) team, available to the health care industry is clear, pragmatic, and highly valuable. Health care now needs to catch up and match other industries that have made significant investments in improving their cybersecurity preparedness.”
"
["post_title"]=>
string(80) "HIPAA Update to Include Cybersecurity Requirements for Health Care Organizations"
["post_excerpt"]=>
string(123) "Medical facilities are attractive targets for cyber criminals because of their technological dependence and sensitive data."
["post_status"]=>
string(7) "publish"
["comment_status"]=>
string(6) "closed"
["ping_status"]=>
string(6) "closed"
["post_password"]=>
string(0) ""
["post_name"]=>
string(80) "hipaa-update-to-include-cybersecurity-requirements-for-health-care-organizations"
["to_ping"]=>
string(0) ""
["pinged"]=>
string(0) ""
["post_modified"]=>
string(19) "2024-04-26 09:14:25"
["post_modified_gmt"]=>
string(19) "2024-04-26 13:14:25"
["post_content_filtered"]=>
string(0) ""
["post_parent"]=>
int(0)
["guid"]=>
string(45) "https://www.renalandurologynews.com/?p=130718"
["menu_order"]=>
int(0)
["post_type"]=>
string(4) "post"
["post_mime_type"]=>
string(0) ""
["comment_count"]=>
string(1) "0"
["filter"]=>
string(3) "raw"
}
[1]=>
object(WP_Post)#12182 (24) {
["ID"]=>
int(132466)
["post_author"]=>
string(4) "3682"
["post_date"]=>
string(19) "2024-04-23 09:05:00"
["post_date_gmt"]=>
string(19) "2024-04-23 13:05:00"
["post_content"]=>
string(14108) "
More and more clinical trials of cancer drugs involve assessments of patients’ views on how treatments are affecting them. The US Food and Drug Administration (FDA) encourages the gathering and reporting of these patient-reported outcomes (PROs), which offer insight into the patient experience without biased interpretation by investigators. Still, PROs for cancer drugs are frequently absent from marketing approval requests submitted to the FDA, or they are inadequate. Recent studies have found that the FDA approves many novel cancer drugs without PROs, so these medications reach the market without patients’ perspectives on how these products influenced their quality of life.
A study presented at the American Society of Clinical Oncology’s 2023 annual meeting by investigators at Howard University in Washington, DC, revealed that less than half of 420 pivotal trials leading to FDA cancer drug approvals from 2006 to 2022 included PRO assessments.1 Another study, published in 2023 in Supportive Care in Cancer,2 showed that of 59 unique cancer drugs approved from 2013 to 2022 via the FDA’s accelerated approval pathway, only 59% included PRO assessments in the clinical trials. The investigators concluded that “PRO measurements are inconsistently utilized in trials leading to initial accelerated approvals of oncology drugs, and there seems to be a lack of harmonization of different PRO measurement tools across trials.”
In another study, investigators who reviewed transcripts from 27 meetings of the FDA’s Oncology Drugs Advisory Committee (ODAC) from 2016 to 2021 found that PRO-related topics were mentioned in only 12, according to a report in JCO Oncology Practice.3 Of those, ODAC reviewers were satisfied with PRO assessments in only 2.
“During ODAC meetings, committee members and FDA reviewers expressed frustration at the lack of PROs captured in clinical trials for cancer treatments,” authors Ari Gnanasakthy, MBA, MS, and colleagues concluded.“Less than half of evidence packages for cancer treatments submitted for FDA review included PROs. Even when PROs were included in evidence packages, the PROs were rarely deemed adequate for benefit-risk assessments.”
They added: “Lack of credible PRO data in oncology clinical trials prevents regulators from making comprehensive and accurate assessments of the benefits and risks of new cancer treatments. Clinicians and patients, therefore, are forced to choose among treatment options without understanding the experiences of patients who were treated with these options.”
Influence on Formularies
Lack of PROs could adversely affect decisions about which medications are placed on health plan formularies and thus covered by insurance. A survey of health plan representatives (90% pharmacists, 56% pharmacy administrators) found that 78% of the 106 respondents thought PRO evidence is useful for providing additional context for safety of oncology therapies. In addition, 47% suggested that formulary reviews would be at least somewhat influenced by a lack of PRO evidence from oncology clinical trials.
“US payers view PRO evidence from both clinical trials and real-world studies as useful for supplementing traditional clinical trial data when making oncology formulary decisions and for refining treatment pathways and care delivery models,” investigators Gary Oderda, PharmD, MPH, and coauthors concluded in a 2022 paper in the Journal of Managed Care & Specialty Pharmacy.4 “Manufacturers of oncology therapies should collect and consider leveraging PRO evidence from both settings when engaging with US payers.”
Primacy of Objective Data
Although PROs, which are subjective, can provide FDA reviewers with additional information to consider, objective data must be the foundation for evaluating a drug except in cases in which a drug’s effectiveness can only be evaluated using PROs, said Peter Lurie, MD, MPH, President and Executive Director at the Center for Science in the Public Interest in Washington, DC, and former Associate Commissioner for Public Health Strategy and Analysis at the FDA.
For example, in clinical trials of pain drugs, investigators have to rely on PROs to gauge effectiveness because changes in pain perception in response to treatment are subjective. This is not the case with diseases such as cancer for which objective measures are available, Dr Lurie said. Those measures, and not patient opinion, must provide the basis for approval. Cancer drugs “should not be coming onto the market because the majority of patients think the drugs work for them,” he said.
Dr Lurie asserted, “Encouraging assessment of PROs is definitely a good idea; making it a required part of the primary assessment of safety and efficacy probably is not.”
The American Society of Clinical Oncology said in an emailed statement that it “recommends that trialists consider including attributes of accessible and equitable research, such as patient-reported outcomes, in the design and conduct of all clinical trials, as understanding how patients are affected by a therapy is paramount.”
FDA’s Efforts
Through its Patient-Focused Drug Development initiative established in 2012, FDA has been working to improve data collection and reporting in clinical trials. As part of that effort, the agency issued 2 guidance documents in November 2023: “Submitting Clinical Trial Datasets and Documentation for Clinical Outcome Assessments Using Item Response Theory” and “Submitting Patient-Reported Outcome Data in Cancer Clinical Trials.” The primary goal is to incorporate the patient’s voice in the drug development and evaluation.
“PROs play an important role in assessing the patient experience with a medical product, and can provide valuable evidence for regulators, payers, and health system administrators,” the agency said in an email. “FDA is working collaboratively to increase appropriate use and increase the value of PROs as evidence in regulatory decisions and for other, non-FDA purposes.”
The agency added, “In premarket studies, the patient perspective and experience are often complementary to clinical and other biological measures when evaluating the safety and effectiveness of candidate medical products.”
In the agency’s view, PROs are already having a positive impact on the product approval process. “The existence of well-established and researched PROs has benefited the ability to make regulatory decisions directly related to patient impact,” the agency wrote. “The development and continued research on PROs facilitated through FDA guidance efforts benefits FDA’s ability to include patient’s perspectives in meaningful ways.”
Studies demonstrate an increase in PRO assessments in clinical trials. The proportion of clinical trials registered with the ClinicalTrials.gov website that included use of 1 or more PRO measures rose from 14% during 2004-2007 to 27% in 2007 to 2013, according to separate studies.5,6 A review of PRO assessments in phase 1 oncology clinical trials registered in the same website found that the proportion of trials using 1 or more PRO measures rose from 0.6% of trials initiated prior to 2000 to 3.4% of trials initiated from 2015 to 2019, investigators reported in Oncology.7
PRO Reporting Issues
Amid the rise in PRO assessments in trials, shortcomings in PRO data reporting, such as delays in publication, have become apparent, as demonstrated in a review of 40 pivotal clinical trials leading to the approval of 40 genitourinary (GU) cancer drugs from February 2007 to July 2022. PRO data was published for 27 trials (67.5%). Of these, 4 (15%) included preliminary PRO results in the primary publication of clinical data, a team led by Jad Chahoud, MD, MPH, of H. Lee Moffitt Cancer Center in Tampa, Florida, concluded in a 2024 paper published in eClinicalMedicine.8 For 23 studies, PRO results were reported in a secondary dedicated paper. The median time from primary publication of results to publication of the corresponding secondary PRO data was 10.5 months.
Moreover, the investigators identified problems with the quality of PRO reporting as assessed using the PRO Endpoint Analysis Score (PROEAS), a scale with 24 items describing some aspect of PRO reporting and analysis. A score of 1 is assigned to an item that is clearly reported, and a score of 0 is assigned to an item that is unclear or not reported. Of 30 randomized controlled trials in the study’s dataset, 20 reported PRO data in a dedicated secondary manuscript. The median PROEAS score for the 20 trials was 11.1 out of 24.
“Low overall PROEAS score and delays in PRO data publication in GU cancer drug trials conducted in the past decade emphasize the need for improvement in quality of design and conduct of PRO endpoint in future trials and accelerated publication of PRO endpoints, using standardized analysis, and prespecified hypothesis driven endpoint,” Dr Chahoud and colleagues wrote.
PROMIS
Many of the PRO measures used in clinical trials in recent years are products of the Patient-Reported Outcomes Measurement System (PROMIS) initiative launched in 2004 by the National Institutes of Health to develop and strengthen PRO measures for use in research and clinical settings. PROMIS has developed more than 300 measures of physical, mental, and social health designed to be relevant across all conditions for the assessment of symptoms and functions. “PROMIS is now the gold standard for patient-reported outcome (PRO) measurement,” Edward Haksing Ip, PhD, of Wake Forest University in Winston-Salem, North Carolina, wrote in a 2021 editorial accompanying a special edition of Psychometrika focusing on lessons learned from PROMIS.
PROs Not Always Appropriate
Despite the potential usefulness of PROs in the drug approval process, efforts to assess them might not be relevant or appropriate for all clinical trials. “PROs have an important role and should be considered in most drug trials, but may not be appropriate in every setting,” medical oncologist Tomasz M. Beer, MD, who has participated in numerous clinical trials, said in an interview. He added that “while PROs are an invaluable tool to better understand the patient experience, like any important outcome measure, they should be used when clinically and scientifically indicated. That is often, but not always.”
He pointed out that PRO assessments may be unwarranted when a trial is of insufficient size (as with a small pilot study) to enable meaningful measurement of PRO end points, or when the PRO effect of a particular drug treatment has been robustly evaluated and is well understood. “These are circumstances where a requirement for PROs may not add value,” said Dr Beer, Chief Medical Officer for Multi-Cancer Early Detection at Exact Sciences in Madison, Wisconsin, and adjunct professor of medicine at Oregon Health & Science University’s Knight Cancer Institute in Portland.
Another consideration is limited resources. “It is also important to remember that adding elements to studies increases the burden on participants, study staff, and costs to sponsors,” Dr Beer explained. “We have a responsibility to be thoughtful about when an element adds value and when it does not add meaningful value. Adding cost, complexity, and burden can have undesirable consequences that are not always visible, for example, fewer resources for other important features of the study, for outreach, or even smaller study sample sizes than might otherwise have been possible.”
"
["post_title"]=>
string(70) "Patients’ Voices Largely Absent From FDA Reviews of New Cancer Drugs"
["post_excerpt"]=>
string(186) "The FDA encourages collection and reporting of patient-reported outcomes (PROs) in clinical trials, but a substantial proportion of applications seeking product approval lack these data."
["post_status"]=>
string(7) "publish"
["comment_status"]=>
string(6) "closed"
["ping_status"]=>
string(6) "closed"
["post_password"]=>
string(0) ""
["post_name"]=>
string(67) "fda-cancer-drugs-approvals-patient-reported-outcomes-largely-absent"
["to_ping"]=>
string(0) ""
["pinged"]=>
string(0) ""
["post_modified"]=>
string(19) "2024-04-23 10:15:25"
["post_modified_gmt"]=>
string(19) "2024-04-23 14:15:25"
["post_content_filtered"]=>
string(0) ""
["post_parent"]=>
int(0)
["guid"]=>
string(45) "https://www.renalandurologynews.com/?p=132466"
["menu_order"]=>
int(0)
["post_type"]=>
string(4) "post"
["post_mime_type"]=>
string(0) ""
["comment_count"]=>
string(1) "0"
["filter"]=>
string(3) "raw"
}
[2]=>
object(WP_Post)#12183 (24) {
["ID"]=>
int(130809)
["post_author"]=>
string(4) "3682"
["post_date"]=>
string(19) "2024-04-19 09:05:00"
["post_date_gmt"]=>
string(19) "2024-04-19 13:05:00"
["post_content"]=>
string(6223) "
As advancements in artificial intelligence (AI) continue to revolutionize health care, data suggest growing acceptance of the technology by medical organizations and patients. Health care providers are spending heavily on IT and adopting new computer-generated tools, and a recent Cleveland Clinic national survey found that 3 in 5 Americans believe that AI will lead to better heart care.
Individuals are still cautious about how they use AI when it comes to their health. The Cleveland Clinic survey showed that 72% of individuals believe the health advice they receive from a computer chatbot is accurate, but 89% said they would still seek doctor’s advice before acting on chatbot recommendations. The online survey was conducted among 1000 people aged 18 years or older. Respondents were nationally representative regarding age, gender, region, education, household income, race/ethnicity, and urban/rural residency.
Most Americans using health monitoring technology are experiencing significant physical and mental benefits. According to survey responses, 79% have noticed positive changes to their physical or mental health. The survey found that 60% of Americans track their daily step count and 53% monitor their heart rate/pulse. It also showed that 40% track their burned calories, 32% track their blood pressure, and 53% say they began exercising more regularly after using wearable technology to monitor their health.
The survey showed that due to monitoring technology, 50% are getting in more steps per day and 34% are improving their eating habits. Further, 27% are more intentional about finding time to de-stress and relax.
Health care providers are spending heavily on IT, suggesting that technology is becoming a leading strategic priority for health care practices. In a survey of 201 health care provider executives in the United States conducted in June 2023 by Bain & Company and KLAS Research, 56% of respondents cited software and technology as among their top 3 strategic priorities compared with 34% in 2022.
The survey showed that 75% of respondents expect growth in software and technology spending to continue over the next 12 months. Revenue cycle management and clinical workflow optimization remain top areas of investment, according to the survey. However, patient engagement has moved up the list of priorities, particularly among more advanced or digitally mature providers.
E. Scot Davis, of Little Rock, Arkansas, a member of the LUGPA (Large Urology Group Practice Association) Board of Directors with nearly 30 years of experience in physician practice management, said the demand for urologic services is increasing while the supply of urologists available to treat patients is suboptimal. “Practices must find innovative ways to meet the needs of our patients,” he said. “Physicians and advanced practice providers can only see so many patient encounters in a day, and burnout among urologists is one of the highest of all specialties.”
The use of AI combined with emerging telephone technologies may offer solutions to ease this challenge. “Perhaps the number 1 complaint heard among my colleagues is the vast number of phone calls that need to be answered on a daily basis,” Davis said. “Practices might consider utilizing interactive voice recognition (IVR) software in conjunction with live operators to be able to meet the patients' needs as well as reduce costs.”
Urology practices must evaluate each touchpoint, from initial patient contact to clinic visit and culminating with billing and follow-up, and consider how AI and technology can help improve the patient experience and reduce costs, according to Davis. Many electronic medical record systems have "bolt-on" products to improve pre-authorization processes. The systems also have automatic coding software, integrated patient responses directly into the patient chart, and methods to improve the collections process.
“Urology practices must embrace and implement AI and technology,” Davis said. “Obviously, any technology that improves the overall patient experience is good for the patient and the practice. Additionally, there will be a positive financial impact to the practices adopting AI and technology, if implemented correctly and timely.”
Emerging trends show technology is improving patient engagement through the use of IVR, triage software utilizing conversational chatbots, and self-scheduling tools for patient ease. From an administrative side, Davis said he foresees practices adopting more pre-authorization software technology combined with billing and coding applications to drop claims quicker with greater accuracy.
“This feature will feed well into an interactive dictation tool for providers to document more easily and efficiently, he said. “All of this technology and AI adoption will require an acceptance and change by the providers who must first believe the software will work, and secondly, will trust it can do it as well as they can do it. Without those, much time and effort and money will be spent without any useful benefits.”
"
["post_title"]=>
string(65) "Artificial Intelligence Gaining Greater Acceptance in Health Care"
["post_excerpt"]=>
string(99) "In a national survey, 72% of individuals believe health advice from a computer chatbot is accurate."
["post_status"]=>
string(7) "publish"
["comment_status"]=>
string(6) "closed"
["ping_status"]=>
string(6) "closed"
["post_password"]=>
string(0) ""
["post_name"]=>
string(65) "artificial-intelligence-gaining-greater-acceptance-in-health-care"
["to_ping"]=>
string(0) ""
["pinged"]=>
string(0) ""
["post_modified"]=>
string(19) "2024-03-04 12:48:25"
["post_modified_gmt"]=>
string(19) "2024-03-04 17:48:25"
["post_content_filtered"]=>
string(0) ""
["post_parent"]=>
int(0)
["guid"]=>
string(45) "https://www.renalandurologynews.com/?p=130809"
["menu_order"]=>
int(0)
["post_type"]=>
string(4) "post"
["post_mime_type"]=>
string(0) ""
["comment_count"]=>
string(1) "0"
["filter"]=>
string(3) "raw"
}
[3]=>
object(WP_Post)#12167 (24) {
["ID"]=>
int(130147)
["post_author"]=>
string(4) "3682"
["post_date"]=>
string(19) "2024-04-18 09:05:00"
["post_date_gmt"]=>
string(19) "2024-04-18 13:05:00"
["post_content"]=>
string(8062) "
A recent federal cybersecurity advisory is urging health care providers to immediately adopt phishing-resistant multi-factor authentication (MFA) for all administrative access. Providers should put systems in place that verify implementation of new sign-in procedures, implement network segregation controls, and change and remove or deactivate all default credentials.
The advisory was issued by the Cybersecurity and Infrastructure Security Agency (CISA), which conducted a Risk and Vulnerability Assessment (RVA) last year to identify vulnerabilities and areas for improvement. An RVA is a 2-week penetration test of an entire organization, with 1 week spent on external testing and 1 week spent assessing the internal network. As part of the RVA, the CISA assessment team conducted web application, phishing, penetration, database, and wireless assessments. The team assessed a large organization deploying on-premises software.
During the 1-week external assessment, the team did not identify any significant or exploitable conditions in externally available systems. The assessment team was unable to gain initial access to the assessed organization through phishing. During internal penetration testing, however, the team exploited misconfigurations, weak passwords, and other issues through multiple attack paths to compromise the organization’s domain.
In coordination with the assessed organizations, CISA is releasing a new Cybersecurity Advisory (CSA) detailing the RVA team’s activities and key findings to provide network defenders and software manufacturers with recommendations to improve organizations’ and customers’ cyber posture.
“The threat is greater than ever,” said Tamer Baker, a specialist in cybersecurity and the Healthcare Chief Technology Officer at Zscaler, which has its headquarters in San Jose, California. More than 100 million people and 500 hospitals in the United States alone have been impacted by breaches just in 2023, he said.
IT security equals patient security, Baker said. The average financial impact of a health care breach is now $11 million, which far exceeds the spending required to get proper security, according to Baker. “The advisory is long overdue; however, it is still not enough,” he said. “What’s needed is going to be more along the lines of what the state of New York has been leading the charge with. They are not only going to be putting in more regulations and requirements with some enforcement, but are also providing funding to help health systems achieve these goals.”
Impact on Patient Care
Cyberattacks adversely impact patient care in a serious way, and have been associated with extended hospital stays and increased mortality. “According to a national study conducted by Ponemon Institute, these cyberattacks have led to 56% longer hospital lengths of stay and 53% increase in mortality rate,” said Baker, who assists health care organizations, state and local governments, and educational institutions in their digital transformation efforts. Cyberattacks in just the last 12 months have caused thousands of patients to be transferred or diverted to other facilities. The attacks were associated with delays in procedures and tests, increased complications and poor outcomes.
From a user credential perspective, MFA is a good first step, but not enough, according to Baker. Bad actors have found several ways to get through MFA using vectors like MFA-bombing as an example. This is a social engineering cyberattack strategy whereby attackers repeatedly push second-factor authentication requests to the target victim's email, phone, or registered devices. “We need to stop users from ever reaching phishing sites to begin with,” he said. “A big step will be to have security in place which blocks phishing attempts no matter if the user is on-network or off-network (working from anywhere).”
CISA encourages health care providers who are deploying on-premises software, as well as software manufacturers, to apply the recommendations in the mitigations section of the CSA in the new advisory. It is hoped that these recommendations can harden networks against malicious activity and reduce the likelihood of domain compromise.
Offline Security Systems
“A way to stop attacks directly on applications and infrastructure is to just remove them from the internet,” Baker said. “Hide these applications and infrastructure behind a security cloud so the bad actors can’t even find them on the internet. This same security cloud can connect your users to the applications securely.”
In addition to applying the newly listed mitigations, CISA recommends exercising, testing, and validating an organization’s security program against the threat behaviors mapped out in the advisory.
Frank Nydam, the CEO of Tausight, health care’s first AI-powered data security company, said health care providers remain a prime target of cybercriminals, and there is no sign of this trend abating. In the first 6-months of 2023 alone, he said, 325 covered entities reported data breaches to the US Department of Health and Human Services Office for Civil Rights (OCR). This represents an 86% increase from the same period in 2022. “Not only have cyberattacks become more frequent, but they have also become more costly, both from a financial perspective and a patient outcome perspective,” Nydam said.
Mostly Basic Cyber Hygiene
Many health care providers may think they need multiple layers of advanced tools, but Nydam said most of the time all about the fundamentals: “Basic cyber hygiene and understanding where your data are. That’s critical and often overlooked.” These strategies include regular patch updates for vulnerabilities, basic device encryption, monitoring business associates for their access to your data, and following strict access management practices like MFA. Common mistakes include failing to put a cyber response playbook in place,” Nydam said.
Other common oversights include not encrypting and patching machines, and not having proper data recovery systems in place. The most important items on a to-do list can be summarized simply. “Start cleaning up your house,” he said. This includes a data assessment to understand where your sensitive data lives, Nydam said. “House-cleaning steps like this can significantly reduce the attack surface, so that when a cyberattack does occur, it impacts far fewer patients.”
"
["post_title"]=>
string(65) "Federal Advisory Urges Health Providers to Enhance Cyber Defenses"
["post_excerpt"]=>
string(168) "The average financial impact of a health care breach is now $11 million, which far exceeds the spending required to get proper security, cybersecurity specialist says. "
["post_status"]=>
string(7) "publish"
["comment_status"]=>
string(6) "closed"
["ping_status"]=>
string(6) "closed"
["post_password"]=>
string(0) ""
["post_name"]=>
string(65) "federal-advisory-urges-health-providers-to-enhance-cyber-defenses"
["to_ping"]=>
string(0) ""
["pinged"]=>
string(0) ""
["post_modified"]=>
string(19) "2024-04-03 10:32:11"
["post_modified_gmt"]=>
string(19) "2024-04-03 14:32:11"
["post_content_filtered"]=>
string(0) ""
["post_parent"]=>
int(0)
["guid"]=>
string(45) "https://www.renalandurologynews.com/?p=130147"
["menu_order"]=>
int(0)
["post_type"]=>
string(4) "post"
["post_mime_type"]=>
string(0) ""
["comment_count"]=>
string(1) "0"
["filter"]=>
string(3) "raw"
}
}
