U.S. Healthcare System Faces Mounting Cybersecurity Risks

The heightened use of technology in healthcare is coupled with mounting cyberattacks. Recently, the healthcare industry experienced a global cyberattack when malicious software targeted the industry. The attack hit Britain’s National Health Service the hardest, affecting sixty-five of its hospitals. Cyberattackers stole healthcare information after using phishing emails to take control of the organizations’ computers, encrypting the computers’ information, and threatening to release the patient information contained on the systems if the organizations failed to satisfy payment demands.

According to the U.S. Department of Health and Human Services’ Office for Civil Rights, over 100 million Americans’ health records were divulged in 2015. In early 2017, Experian predicted the health care industry would be the biggest target for an attack. Moreover, an Identity Theft Resource Center report revealed that more than 25% of all data breaches occurred in the healthcare industry, costing an estimated $5.6 billion each year.

Congress created the Health Care Industry Cybersecurity Task Force through the Cybersecurity Act of 2015 to examine the healthcare industry’s vulnerabilities and create solutions to the cyber threats that place millions of patients’ information at risk each year. In light of the recent attack, the task force investigated the state of health information systems security in the U.S. and found a desperate need to increase health IT security.

In its report to Congress, the task force made a series of recommendations that suggested how to fend off the increasing threats. Among others, the recommendations include creating programs to cleanse healthcare organizations of vulnerable hardware and software and inserting more people with security skills into the healthcare field. The report emphasizes that failure to intervene could lead to catastrophic losses for organizations and patients.

The task force notes that the successful implementation of its recommendations will require significant time and resources, but it hopes the government will promptly respond to its report with efforts to improve cybersecurity in healthcare organizations.


© 2017 Vandenack Weaver LLC
For more information, Contact Us

Doctors and Other Small Businesses are Not “Creditors” Under Red Flags Rule

The President has signed a bill that clarifies the term “creditor” in the Red Flags Rule, excluding doctors and other small businesses.

The Red Flag Program Clarification Act of 2010 limits application of the Red Flags Rule to creditors that regularly and in the ordinary course of business: (1) obtain or use consumer reports, directly or indirectly, in connection with a credit transaction; (2) furnish information to certain consumer reporting agencies in connection with a credit transaction; or (3) advance funds to or on behalf of a person, based on a person’s obligation to repay the funds or on repayment from specific property pledged by or on the person’s behalf.

The Red Flags Rule was developed under the Fair and Accurate Credit Transactions Act, in which Congress directed the Federal Trade Commission and other agencies to develop regulations requiring creditors and financial institutions to address the risk of identity theft. The resulting rule requires all such entities that have covered accounts to develop and implement written identity theft prevention programs to help identify, detect and respond to patterns, practices or specific activities – known as “red flags” – that could indicate identity theft.

The Red Flag Program Clarification Act clarifies that small businesses such as doctors’ offices are not classified as creditors because they do not offer or maintain accounts that pose a risk of identity theft.

© 2011 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com

 

Healthcare Professionals Ask FTC for Exemption from Red Flag Rules

The heads of the American Medical Association, the American Dental Association, the American Osteopathic Association, and the American Veterinary Medical Association have asked the Federal Trade Commission (“FTC”) to declare that its identity theft prevention rules (the “Red Flag Rules”) do not apply to their licensed professionals.

Following the November 2009 United States District Court decision in American Bar Association v. FTC, which held that the Red Flag Rules did not apply to legal professionals, the healthcare organizations decided to issue a joint letter to the FTC requesting the same treatment. The healthcare organizations specifically requested that the FTC: (1) announce that the rules will not be applied to licensed health care professionals until at least ninety days after the final resolution of the ABA litigation; and (2) commit that if the result of the final ABA litigation is that the Red Flag Rules will not be applied to lawyers, the FTC will provide the same exemption to licensed health care professionals.

The letter discussed the great cost and burdens on healthcare professionals in complying with the Red Flag Rules and stated that if lawyers were exempt from the rules, it would be unfair to subject healthcare professionals to them.

© 2010 Parsonage Vandenack Williams LLC

  For more information, contact info@pvwlaw.com