Ransomware Update from the Healthcare IT Team
As a healthcare administrator or worker, you likely have “WannaCry” fatigue, however after fielding numerous questions and concerns from my friends and clients in the healthcare industry, I felt the need to offer a Winxnet Healthcare IT Team update on the issue.
As our Security Team pointed out this week (and many times before that), the controls to limit your risk remain the same, regardless of industry. However, because of the potential for breaches of PHI, the stakes and stress are a bit higher in the healthcare industry.
In addition to the controls articulated by our Security Team yesterday, here are some helpful healthcare specific questions to ask yourself to determine if your healthcare organization is taking the appropriate steps to limit risk:
- How is your internal training and compliance program? There is a wealth of information available in order to assist with awareness, but unless you have a defined program and program owner, you are likely not capturing or training on all of the information in a meaningful or effective way.
- Do you have a Written Information Security Plan (WISP) or compliance officer? Many states require this by law, and the task can be time consuming without the right partner or internal resources.
- When was the last time you had a HIPAA Risk Analysis performed? These analysis can offer helpful steps to reduce risks before they become a problem.
There is no way to completely prevent any cyber-attack, just as there is no way to completely prevent an accident or crime. You can only take steps to make yourself and your business and your data as secure as possible. It is our recommendation that you ensure your healthcare organization seriously consider the above steps in order to manage as much risk as possible, as these attacks will only continue.