Fraud Management & Cybercrime , Ransomware , Video

Most Disturbing Health Data Breach Developments

Nicholas Heesters of HHS OCR Discusses Worrisome Trends in Cyber Defense
Nicholas Heesters, senior cybersecurity adviser, HHS OCR

Cybercriminals are becoming bolder in their attacks on healthcare entities and in how they're compromising patient data - and that's among the most worrisome developments regulators are seeing in their investigations into reported health data breaches, says Nicholas Heesters, senior cybersecurity adviser at the Department of Health and Human Services' Office for Civil Rights.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

When hackers infiltrate networks, "we see more and more of those 'multiple bites of the apple' that these cybercriminals are trying to get," he tells Information Security Media Group.

"In the past, they may have deployed ransomware and maybe encrypted system files and apps and other data. But now, before they do that, they're doing reconnaissance and trying to identify sensitive data, including protected health information," he says.

"They are exfiltrating that data not only to hold hostage … but also indicating that they will publish this data on one of their websites as an additional incentive to try to get the entity to pay the ransom," he says. "That's a disturbing trend."

In this video interview with Information Security Media Group, Heesters also discusses:

  • HIPAA enforcement trends;
  • How HHS OCR will consider the "recognized security practices" of covered entities and business associates as mitigating factors when determining potential enforcement actions in breach investigations and other HIPAA violation cases;
  • Important ways to improve the security and privacy of protected health information.

Heesters is an attorney and a certified information privacy professional with over 30 years of experience supporting technology and information security across many diverse industries.

About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity, ISMG

McGee is executive editor of Information Security Media Group's media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site and played a lead role in the launch of InformationWeek's healthcare IT media site.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.