Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Trustwave's 2024 Retail Report Series Highlights Alarming E-Commerce Threats and Growing Fraud Against Retailers. Learn More

Services
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Microsoft Security
Unlock the full power of Microsoft Security
Offensive Security
Solutions to maximize your security ROI
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

$500,000 HHS Fine Underscores the Need for Security and Compliance in Healthcare

With the rise in cyberattacks and ransomware incidents, healthcare organizations face an increasing risk of data breaches that threaten patient privacy and HIPAA compliance.

The recent $500,000 settlement between the US Department of Health and Human Services (HHS), Office for Civil Rights (OCR), and Plastic Surgery Associates of South Dakota highlights the critical importance of robust cybersecurity defenses in healthcare.

The OCR’s investigation into the plastic surgery facility’s 2017 ransomware attack exposed significant vulnerabilities in the organization’s systems, including insufficient risk analysis, lack of security measures, and failure to review system activity regularly.

In its breach report to the agency, Plastic Surgery Associates of South Dakota reported it discovered that nine workstations and two servers were infected with ransomware, affecting the protected health information of 10,229 individuals. The credentials the hacker(s) used to access the network were obtained through a brute-force attack (hacking method that uses trial and error to guess passwords, login information, encryption keys) to their remote desktop protocol. After discovering the breach, Plastic Surgery Associates of South Dakota was unable to restore the affected servers from backup.

Trustwave, a leader in cybersecurity solutions, is uniquely positioned to help healthcare organizations with data breach prevention and maintain compliance with HIPAA standards. Trustwave’s elite SpiderLabs team constantly tracks the dangers facing the healthcare sector and offers mitigation recommendations. These were covered in the team’s recent report Cybersecurity in the Healthcare Industry: Actionable Intelligence for an Active Threat Landscape.

 

Understanding the Threat Landscape in Healthcare

Ransomware has become a formidable threat to the healthcare industry. Since 2018, large breaches involving ransomware attacks reported to the OCR have surged by 264%, HHS reported in the previously linked report, underscoring the need for healthcare organizations of all types and sizes to implement advanced cybersecurity best practices. Ransomware, a form of malware, encrypts an organization's data, blocking access until a ransom is paid. Hackers often exploit vulnerabilities such as weak credentials, inadequate risk assessments, and unpatched systems.

 

The HIPAA Security Rule and Its Implications

The HIPAA Security Rule requires healthcare organizations to implement administrative, physical, and technical safeguards to protect electronic personal health information (PHI). It also mandates regular risk assessments and the establishment of policies to address potential security incidents that if not undertaken can result in hefty fines.

The recent OCR settlement with Plastic Surgery Associates of South Dakota underscores that a failure to meet these requirements can result in significant financial and operational consequences.

For healthcare organizations striving to meet the stringent standards of HIPAA, proactive cybersecurity measures are essential to protecting PHI from unauthorized access and maintaining compliance.

Trustwave can help your healthcare organization comply with HIPAA.

Learn More

How Trustwave’s Cybersecurity Solutions Enhance HIPAA Compliance

Trustwave offers an extensive suite of cybersecurity solutions tailored to the healthcare industry’s specific needs, helping organizations strengthen their data defenses, mitigate risk, and stay HIPAA-compliant. Here’s how Trustwave can help:

  1. Comprehensive Risk Analysis and Assessment
    Trustwave’s Security Risk Assessment service helps healthcare organizations identify potential vulnerabilities to PHI within their systems. With a thorough risk analysis, organizations can recognize and address gaps in their security posture, enabling them to prioritize areas of improvement and implement effective controls, fulfilling a crucial HIPAA Security Rule requirement.
  2. Advanced Threat Detection and Incident Response
    In the event of a security incident, rapid response is critical. Trustwave’s Managed Detection and Response (MDR) service provides 24/7 monitoring, threat detection, and rapid incident response to help healthcare organizations mitigate the impact of ransomware in healthcare attacks and other cyber threats. Additionally, Trustwave’s Threat Hunting service proactively identifies advanced threats that traditional security systems might miss.
  3. Secure Access Controls and Vulnerability Management
    Trustwave enables healthcare cybersecurity providers to implement strong access controls, such as multi-factor authentication (MFA) and privileged access management, minimizing the risk of unauthorized access to ePHI. Trustwave also offers vulnerability management services to help identify, prioritize, and remediate vulnerabilities that hackers could exploit, reducing the chances of incidents like brute force attacks on remote desktop protocols (RDP).
  4. Policy and Compliance Management
    Trustwave assists healthcare organizations in developing and implementing robust security policies and procedures aligned with HIPAA regulations. By conducting regular system activity reviews, training staff, and addressing security incidents, Trustwave helps healthcare providers establish a proactive security culture that aligns with OCR’s expectations for HIPAA compliance.
  5. Backup and Recovery Solutions
    In the event of a ransomware attack, having reliable backup and recovery capabilities is crucial. Trustwave’s Disaster Recovery and Backup services ensure that critical data is securely backed up and quickly restored without needing to pay a ransom. This capability can significantly reduce the financial and operational impact of an attack.

 

Building Resilience and Trust in Healthcare

Trustwave’s cybersecurity solutions empower healthcare organizations to build a more resilient security framework, ensuring they can protect sensitive patient data while maintaining regulatory compliance. By leveraging Trustwave’s expertise, healthcare providers can proactively safeguard against ransomware, hacking attempts, and other threats that jeopardize patient privacy and trust.

Healthcare organizations face an increasingly complex cybersecurity landscape, with ransomware and hacking attacks posing significant risks to patient privacy and HIPAA compliance. The recent settlement with Plastic Surgery Associates of South Dakota shows that failing to meet the HIPAA Security Rule requirements can lead to substantial financial penalties and reputational damage.

Trustwave’s tailored cybersecurity solutions help healthcare organizations fortify their defenses, reduce vulnerabilities, and maintain HIPAA compliance. With Trustwave, healthcare providers can stay ahead of evolving cyber threats and ensure the security and confidentiality of their patients' data.

ABOUT TRUSTWAVE

Trustwave is a globally recognized cybersecurity leader that reduces cyber risk and fortifies organizations against disruptive and damaging cyber threats. Our comprehensive offensive and defensive cybersecurity portfolio detects what others cannot, responds with greater speed and effectiveness, optimizes client investment, and improves security resilience. Learn more about us.

Latest Intelligence

Discover how our specialists can tailor a security program to fit the needs of
your organization.

Request a Demo