ACCORDING to the U.S. Department of Health and Human Services Office of the Inspector General (OIG), a report on a “large Southeastern hospital” found vulnerabilities in four internet-accessible web applications that could serve as vectors for a cyberattack.
The Entity, as described by the OIG, is a large hospital in the Southeast United States with more than 300 beds and a range of services including emergency, cardiac, neurology, maternity and radiology, and it is part of a network that shares protected health information for treatment, payment and healthcare operations.
The hospital had adopted the Health Information Trust Alliance (HITRUST) Common Security Framework (CSF), version 9.4, as its main cybersecurity control framework in effect at the time of testing, with an emphasis on protecting Medicare enrollees. The audit looked at whether the Entity deployed controls to prevent unauthorized intrusion, maintain continuity of care in a cyber event, and protect patient data. It also noted that the hospital would have difficulty detecting a data breach unless its defenses were tightened.