Welcome back to the Medical Web Experts Security Bulletin. Below are some recent developments that may impact your organization, as well as our recommendations for keeping your systems secure.
The state of Virginia has passed the Consumer Data Protection Act, which is similar to California’s CCPA. This new law defines how controllers (i.e. a person or group that determines how collected data is used) should collect, handle, and share personal information.
If your organization does business in Virginia, you need to be ready for this (and for similar laws that other states could introduce in the future). Medical Web Experts offers a number of compliance audits, including California’s CCPA, Virginia’s CDPA, Europe’s GDPR, ADA, HIPAA, and more. Contact us to learn how to get your website, apps, and portals compliant.
The story of Vastaamo shows just how devastating a hack can be for a business. Ever since hackers held the patient data of private mental health services company Vastaamo for a ransom of nearly half a million euros, the company has been in both PR and financial trouble. Vastaamo lost much of its clientele after the scandal, and the business can no longer support itself.
This story serves as an example of just how important it is to keep PHI or PII secure, and to have strong risk assessment and security policies in place.
Microsoft has created an automatic mitigation tool to contain security incidents caused by the bugs that have affected millions of Exchange servers in the past few weeks. We recommend turning on all automatic updates for these security tools on your servers and workstations. Even though Microsoft has already released patches to address these bugs, thousands of servers are still at risk and are being exploited because they don’t have the latest patches.
No details have emerged, but an Australian health center had to disconnect large parts of its IT networks and devices after a security incident. This incident had a direct impact on scheduled surgeries and procedures.
Again, this news shows just how problematic a hack can be in sensitive industries like healthcare. Having a strong security plan and policies in place, and segmenting these critical or delicate systems (as well as their data), would help prevent major disruptions.