HHS releases voluntary cybersecurity practices for health industry

(Washington, DC – Insurance News 360) – On Dec. 28, the Department of Health and Human Services (HHS) released the “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients” publication. The four-volume publication aims to provide voluntary cybersecurity practices to healthcare organizations of all types and sizes, ranging from local clinics to large hospital systems.

This report came from a mandate to develop practical cybersecurity guidelines to reduce risks for the industry, as part of the Cybersecurity Act of 2015 Section 405(d). The publication is the culmination of a two-year effort bringing together over 150 cybersecurity and healthcare experts from industry and the government under the Healthcare and Public Health (HPH) Sector Critical Infrastructure Security and Resilience Public-Private Partnership. It was the result of a true public-private partnership to better secure the nation’s health systems.

“Cybersecurity is everyone’s responsibility. It is the responsibility of every organization working in healthcare and public health. In all of our efforts, we must recognize and leverage the value of partnerships among government and industry stakeholders to tackle the shared problems collaboratively,” said Janet Vogel, HHS Acting Chief Information Security Officer.

Technologies that are vital to the healthcare industry and help provide life-saving treatments and improve patient care are also susceptible to attacks. They can be exploited for personal data or to shut down entire hospital systems.

“The healthcare industry is truly a varied digital ecosystem. We heard loud and clear through this process that providers need actionable and practical advice, tailored to their needs, to manage modern cyber threats. That is exactly what this resource delivers: recommendations stratified by the size of the organization, written for both the clinician as well as the IT subject matter expert,” said Erik Decker, industry co-lead and Chief Information Security and Privacy Officer for the University of Chicago Medicine.

The HICP publication aims to provide cybersecurity practices for this sector to improve the security and safety of patients. It recommends 10 Cybersecurity Practices to help mitigate these threats. It also lays out a call to action for all industry stakeholders, from C-suite executives and healthcare practitioners to IT security professionals, that protective and preventive measures must be taken now.

For more information on this effort and to download a copy of the publication, please visit the 405(d) website at www.phe.gov/405d.

Source: U.S. Department of Health and Human Services (HHS).

U.S. Department of Labor recovers $49,269 for employees after investigating overtime violations by Jacksonville, FL Company

(Jacksonville, FL – Insurance News 360) – Following an investigation by the U.S. Department of Labor, Jacksonville-based Stone World Imports and Manufacturing, Inc. paid $49,269 in back wages to 21 employees. The investigation revealed that the company paid only straight-time rates to employees, not overtime when warranted. The failure to pay time-and-a-half for hours worked above 40 in a workweek is a violation of the Fair Labor Standards Act.

“The Fair Labor Standards Act requires employers to maintain accurate records of the number of hours employees work, and pay proper overtime when they work more than 40 hours in a workweek,” said Wage and Hour Division District Director Daniel White, in Jacksonville. “The Wage and Hour Division works to ensure that employees receive the wages they rightfully earned, and that employers compete on a level playing field. We encourage all employers to reach out to us and to use the wide variety of tools we offer to help them understand their responsibilities.”

For more information about the FLSA and other laws enforced by the Wage and Hour Division, contact the toll-free helpline at 866-4US-WAGE (487-9243). Employers who discover overtime or minimum wage violations may self-report and resolve those violations without litigation through the PAID program. Information is also available at https://www.dol.gov/whd.

Source: U.S. Department of Labor.

Edgar hacking case ends in charges by SEC

(Washington, DC – Insurance News 360) – On Jan. 15, the Securities and Exchange Commission charged nine individuals participating in a previously disclosed scheme to hack the SEC’s EDGAR system to get non-public information for illegal trading.

Those charged are a Ukrainian hacker, six individuals in California, Ukraine and Russia, and two entities.

According to the SEC complaint, Ukrainian hacker Oleksandr Ieremenko hacked newswires, then turned his attention to EDGAR and, using deceptive hacking techniques, gained access in 2016. He extracted files containing non-public earnings results and passed the information to individuals who used it to trade before companies released the information to the public. In total, the traders traded before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.

“International computer hacking schemes like the one we charged today pose an ever-present risk to organizations that possess valuable information,” said Enforcement Division Co-Director Stephanie Avakian. “Today’s action shows the SEC’s commitment and ability to unravel these schemes and identify the perpetrators even when they operate from outside our borders.”

The SEC’s complaint alleges that the following traders received and traded on the basis of the hacked EDGAR information:

• Sungjin Cho, Los Angeles, California
• David Kwon, Los Angeles, California
• Igor Sabodakha, Ukraine
• Victoria Vorochek, Ukraine
• Ivan Olefir, Ukraine
• Andrey Sarafanov, Russia
• Capyield Systems, Ltd. (owned by Olefir)
• Spirit Trade Ltd.

In a parallel action, the U.S. Attorney’s Office for the District of New Jersey also announced related criminal charges.

Source: U.S. Securities and Exchange Commission.