Senate Health Committee Passes Healthcare Legislation
The U.S. Senate’s Health, Education, Labor and Pensions Committee, known as the HELP Committee, passed new cyber security legislation to incentivize cyber security at healthcare organizations. The legislation, called the Lower Health Care Costs Act of 2019, encourages healthcare-related businesses to improve their cyber security infrastructure and policies. The goal is to improve patient outcomes and strengthen cyber security by incentivizing improvements with reduced fines for violations of the Health Insurance Portability and Accountability Act (HIPAA). In exchange for implementing a robust enough cybersecurity program, compliant organizations would see the annual cap on HIPAA fines reduced to $25,000 from $1.5 million.
Las Vegas Vows Not to Pay Hackers
The U.S. Conference of Mayors took a stand against paying ransoms to hackers, passing a resolution at its annual conference this year. Hackers brought government services in three Florida cities (Key Biscayne, Riviera Beach, and Lake City) as well as Baltimore, Maryland, to a halt with ransomware attacks this year. Baltimore refused to pay the $100k demanded by its hackers and spent over a month restoring its own IT system at a cost of $18 million.
Hackers can be thwarted with strong cyber security policies and defenses. All hardware and data must be backed up, with the backups kept separate. Cyber security defenses must involve employee training along with hardware and software that is kept up to date with the latest security patches. In the case of the Florida hacks, an employee was tricked into clicking on a link in a spear phishing email that initiated a malware download. The hackers were able to infiltrate the cities’ servers with ransomware and halt services while demanding a ransom. Riviera Beach, Florida, voted to pay a ransom of $592,000 to restore services.
Premera Blue Cross Fined for Data Breach
Premera Blue Cross will be paying $10 million because of a data breach that affected 10.4 million people. Premera did not address well-known cyber security violations, which gave hackers access to customers’ personal data from May 5, 2014 to March 6, 2015. The company is being fined for violating the Health Insurance Portability and Accountability Act (HIPAA) and for violating the Washington State Consumer Protection Act by not addressing the vulnerabilities. For years, Premera had been warned by its own auditors and cyber security experts that its cyber security and data protection policies were inadequate.
Hackers were able to steal the personal information of 10.4 million Premera subscribers, including health information, Social Security numbers, bank account numbers, names, email addresses, physical addresses, phone numbers, birthdates, and member ID numbers.