Most Disturbing Health Data Breach Developments
Nicholas Heesters of HHS OCR Discusses Worrisome Trends in Cyber Defense
Cybercriminals are becoming bolder in their attacks on healthcare entities and in how they're compromising patient data - and that's among the most worrisome developments regulators are seeing in their investigations into reported health data breaches, says Nicholas Heesters, senior cybersecurity adviser at the Department of Health and Human Services' Office for Civil Rights.
When hackers infiltrate networks, "we see more and more of those 'multiple bites of the apple' that these cybercriminals are trying to get," he tells Information Security Media Group.
"In the past, they may have deployed ransomware and maybe encrypted system files and apps and other data. But now, before they do that, they're doing reconnaissance and trying to identify sensitive data, including protected health information," he says.
"They are exfiltrating that data not only to hold hostage … but also indicating that they will publish this data on one of their websites as an additional incentive to try to get the entity to pay the ransom," he says. "That's a disturbing trend."
In this video interview with Information Security Media Group, Heesters also discusses:
- HIPAA enforcement trends;
- How HHS OCR will consider the "recognized security practices" of covered entities and business associates as mitigating factors when determining potential enforcement actions in breach investigations and other HIPAA violation cases;
- Important ways to improve the security and privacy of protected health information.
Heesters is an attorney and a certified information privacy professional with over 30 years of experience supporting technology and information security across many diverse industries.