PHI Perspectives – Digital Health and PHIPA

Posted on May 20, 2021

Great guidance from the privacy and security industry continues to pour in as we learn more about quickly evolving threats and requirements. In regulatory news, the Ontario IPC has released guidance for understanding the recent PHIPA changes in the digital healthcare industry, and the IAPP has released a short guide on the proposed AI legislation in the EU. We have also included some helpful articles focused on combatting the latest trends in ransomware and email compromise attacks. As the ramifications of security breaches continue to grow (the average cost of a ransomware attack is over $300,000 now), it is becoming more crucial to proactively monitor your security through services like PHI Shield.

Digital Health and PHIPA

The IPC has provided guidance on navigating PHIPA while providing digital healthcare. This contains helpful information for any organizations working with Electronic Health Records or providing electronic health services directly to consumers.

New Ransomware Extortion Tactics

A look into the latest triple extortion tactics in ransomware attacks. Previously, the ransomware playbook included extorting payment to decrypt your stolen data while also threatening to leak the data publicly. Hackers have now begun adding a third approach: demanding payment from the customers, users, or any other third parties that would be affected by the breach. In healthcare ransomware cases, this has led to demands for payment from the attacked clinic, as well as smaller demands for payment from all the clinic’s patients. Healthcare remains the industry most targeted by ransomware.

Office 365 Business Email Compromise

All Office 365 users should keep an eye on this trend in business email compromise attacks. Attackers are taking advantage of malicious apps to gain access to emails, contacts, and files without requiring a login or 2FA. The article includes helpful tips on avoiding and remediating this style of attack.

AI Legislation in the European Union

A short guide to the proposed AI regulation in the EU. While much of the regulation focuses on “high risk AI”, there are useful approaches for all AI developers: the impact of AI should be assessed before development and continue to be assessed until after it is shut down, AI should be designed in such a way that human oversight is guaranteed, and individuals should understand that they are dealing with an AI system.

Cyber-Insurance Premiums up 50%

Cyber-insurance premiums have increased by up to 50% this year as the telehealth industry becomes more and more vulnerable to ransomware attacks. On top of rising premiums, we’re also seeing more stringent requirements, more limited coverage, and higher deductibles.

 
