Data privacy is important to each US citizen, and it is undoubtedly one of the most important subjects that all Americans agree upon. But UNM Health, including UNM Hospital, UNM Medical Group, Inc., and UNM Sandoval Regional Medical Center waited until late summer to report to 637,232 US citizen’s that their PII and other data was breached in May. That is several months late. That is an issue. Second, in the University of Vermont Health Network breach, it was reported publicly that a regular sign on to the network gave employees access to all records. In the UNM incident, it appears that one breach of the system gets access to all records. That is an issue.
Cyber vulnerabilities are prevalent in the US hospital systems and grow even larger when remote associated medical offices have open access to all patient data. The University of Vermont Health Network already stated that they will change their system to restrict access. The question is when will the US health systems develop the capability to protect data. It will happen with three actions. Meet the NIST CSF standard, put CSF requirements in their Service Agreements and only use certified third-party vendors.
Related article: UNM Health alerts patients about major cybersecurity attack | KOB 4
Any organization that wants to build a strong Cyber defense needs to use certified and compliant partners. That is TechR2.