CTeL Fall Summit: Q & A with Cybersecurity Experts

On November 18, attendees of the CTeL Fall Telehealth Summit will turn their attention to an urgent concern: how to protect health data in a world of increasing cyber-threats.

Panelists for the session, “Held for Ransom: Protecting Yourself Against Cybersecurity Threats” will include two experts in cybersecurity for health care organizations: Robert Hudock, Esq. and Adam Solander, Esq., both of Epstein Becker & Green, P.C.

Here is a “sneak peek” Q & A with our speakers introducing the issues this panel will address:

Who should attend this presentation?

This presentation will assist you in preparing a meaningful and practical risk mitigation plan to address emerging threats, including ransomware and advanced persistent threats.  We will also discuss industry security trends and regulatory enforcement.  We have tailored the presentation to provide important content for
•    company leadership,
•    risk managers,
•    information security professionals,
•    compliance managers, and
•    legal professionals.

A recent study found that 88% ransomware attacks were perpetrated against the healthcare industry.  Why are hackers targeting the health sector with ransomware?

Historically, healthcare organizations have had a different risk profile than financial companies concerned with keeping money safe.  The information held by financial companies—credit cards and bank accounts—are readily convertible into cash, and consequently hackers focused on the financial industry.

Ransomware has provided a pathway for hackers to monetize their illegal access to healthcare systems.  As more organizations pay the ransom, more hackers will see this as a winning business model.

Why and how should an organization perform a HIPAA-compliant risk assessment?

The risk assessment is the foundational step in any information security management program.  If done correctly, this process will help an organization identify threats to its information systems and where the organization may be vulnerable to threats.  This process allows an organization to develop an actionable plan to reduce the risk associated with information security threats to a reasonable level.

Additionally, the HIPAA Security Rule requires an organization to perform a risk assessment, and the Department of Health and Human Services, Office for Civil Rights has imposed multiple high-dollar settlements against organizations that have either not performed a risk assessment at all or have not conducted an adequate risk assessment.

What are some trends you are seeing in healthcare information security?

Given the emerging threats, the healthcare industry is scrambling to increase the sophistication of its information security programs.  As a result, we are seeing many organizations pursue HITRUST certification, which allows organizations to organize their information security management programs around industry-recognized best practices and security controls.

We are also seeing many organizations take the time to better organize their incident response capabilities so that they are in a position to effectively respond to a breach when it happens.  Finally, many organizations have realized that their business partners are often the weakest links in their information security programs.  Therefore, we are seeing a movement toward more security oversight of business partners who handle sensitive information.


The Panelists:

Robert Hudock, Esq., Epstein Becker & Green, P.C. Mr. Hudock is a Member of the Firm in the Health Care and Life Sciences practice. He is also a member of the firm’s E-Health Group. Mr. Hudock’s practice covers data breach and response, national security law, cybersecurity, and global privacy and data security.

Mr. Hudock counsels clients on preparing for and responding to cyber-based attacks on their networks and information, assessing clients’ security controls and practices for the protection of data, developing and implementing information security programs, and complying with federal and state regulatory requirements.

Mr. Hudock has twice won the internationally-recognized Capture the Flag event, held each summer in Las Vegas at the Defcon Hacking Conference.

Adam Solander, Esq., Epstein Becker & Green, P.C. Mr. Solander is a Member of the Firm in the Health Care and Life Sciences Practice. He regularly advises clients on data breach and cybersecurity matters.

Mr. Solander is a Certified CSF Practitioner, a designation given by the Health Information Trust Alliance (HITRUST), an organization that provides training to develop and maintain effective security programs for health care and life sciences companies that comply with security laws, regulations, and standards.






Leave a Reply