CaptureRx US Healthcare Co. Attack Exposes Patient PHI

BACKGROUND:

An attack on CaptureRx, which helps healthcare providers administer 340B programs (which let those serving vulnerable patient populations purchase outpatient drugs at discounted prices), has exposed patients' names, dates of birth, and prescription information. Cybersecurity experts offer perspective.

2 Expert Comments
Dr. Chenxi Wang, General Partner
InfoSec Expert
May 11, 2021 3:04 pm

For healthcare providers that have a large amount of patient data that can fetch a handsome price in the underground market, ransomware represents a significant risk. To protect infrastructure against ransomware, organizations need to establish a rigorous vulnerability discovery and patching cadence, train users/employees to be extra vigilant against phishing, and verify security controls are working properly.

Garret F. Grajek
InfoSec Expert
May 11, 2021 2:58 pm

All PHI, Personal Health Care information, falls under HIPAA guidance. There are stated rules of practice for enterprises who handle PHI to follow. When a breach occurs and PHI is determined to be exfiltrated to non-permissioned users, an investigation can and usually does occur – conducted by the OCR, the U.S. Government's Office of Civil Rights. They will determine if the proper practices of data governance have been followed. Often, they determine that these practices have not been followed and fines are put in place, such as when Athens Orthopedic was fined $1.5M in 2020 and Lifespan Health System fined $1.04M in 2020.

Data Governance starts with the HIPAA-prescribed regular access reviews, examining each reviewer who has access to data and applications, what data access privileges have changed, and who approved such changes in the last audit period.
