In this episode of the Two Minute Drill, Drex shines a light on the surge of cyber incidents impacting healthcare, with Lurie Children's and St. Anthony's Hospital at the forefront. 2023 marks a record-breaking year for health system breaches in the U.S., surpassing previous records with 734 breaches. We delve into the role of third parties in these breaches and the significance of new voluntary cyber performance goals from HHS. Plus, learn about Florida's proposed legislation offering a safe harbor for organizations implementing reasonable security measures. Join our community effort in shaping cybersecurity awareness and action within the healthcare industry.
Contributions & Community:
Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."
Stay Connected:
Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.
Stay Informed, Stay Secure:
Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.
Remember, Stay a little paranoid.
Hey everyone, I'm Drex, and this is the Two Minute Drill. We do at least three security stories at least two times a week, all part of one great community, the 229 cyber and risk community. Here's some stuff you probably want to know about. By now you may have heard that Lurie Children's in Chicago has been hit by a cyber incident.
We don't know all the details, but apparently they're working with outside experts and law enforcement agencies. Turns out that just a few weeks earlier and just a few miles away, St. Anthony's Hospital was also hit by a cyber attack. 2023 officially became the worst year ever for major health system breaches in the U.
S. 2015 held that record for the longest time, but 2023 with 734 reported breaches, exposing over 135 million individual records, has taken the crown for the most protected health information exposed in a year. Third parties, turns out, were involved in about 40 percent of the breaches reported, totaling about two thirds of all the records breached.
Last week I talked about new voluntary cyber performance goals, CPGs, from Health and Human Services. If you're not paying attention, you probably should be. Because at the state level, it looks like Florida is on its way to advancing a piece of legislation that would create a safe harbor for organizations that have in place Reasonable security measures at the time of the breach.
That includes stuff like adhering to NIST or ISO frameworks. The devil is, of course, in the details. Florida joins Ohio, Utah, Connecticut, and others, creating limited liability for organizations that can show they were trying hard to be secure. One way to become part of the 229 Security Community is to help crowdsource the stories I talk about here.
Just hit ThisWeekHealth. com slash news. Then click on become a contributor. It's super easy. You'll get a text number and you'll be able to just text stories that you want to share to that number and we'll vet them and then we'll get them onto the site. That's also the place where I drop all the stories I talk about here on the two minute drill.
Please like and share and tag folks who should listen to this post. By the way, I'm on my way. Thursday morning to a double 229 summit in California. Both CIOs and CISOs will be having events at the same time. I'm really looking forward to hanging out with some of my biggest heroes, the folks who are making healthcare better, faster, cheaper, safer, and easier to access for patients and families.
Want to know more? Hit me up at drex at thisweekhealth. com or check out the new 229 Cyber and Risk Community at thisweekhealth. com security. Stay a little paranoid and I'll see you around campus.