Ransomware - How to Stay Secure in Healthcare IT
Early in July, the HHS Office for Civil Rights (OCR) published a factsheet with detailed guidance for Covered Entities and Business Associates on Ransomware. For those of you who aren’t as familiar with these types of attacks, ransomware is a type of malicious software that is intended to compromise computer systems. Malware attempts to deny access to a user’s data and information, usually by encrypting the data with a key that only the hacker is aware of, until the ransom is paid.
According to ‘Fact Sheet: Ransomware and HIPAA’ published by OCR, there have been 4,000 daily ransomware attacks since early 2016 which is a 300% increase from last year. There were only 1,000 daily ransomware attacks reported in 2015. There are many methods that can be effective to prevent ransomware as well as recover from this malicious type of attack.
Here are a few key activities that Covered Entities and Business Associates need to do to remain secure:
- Annual Risk Analysis – Conduct an Annual Risk Analysis annually ensuring knowledge of where all Electronic Protected Health Information (ePHI) is created, maintained, stored, transmitted and vulnerabilities are identified and reduced to reasonable and appropriate levels.
- Data Back Up and Contingency Plans – It is imperative to be proactive about your backup solution. Without a proven, tested backup, your organization can be at extreme risk. There are many options for backup solutions, and Winxnet Security experts have proven solutions.
- Security Training & Awareness – It’s very important that your organization provide frequent training sessions for employees. This training will improve the security culture at your business, issue frequent reminders and reduce the probability of malicious attacks.
- Breach Notification Procedure – It’s extremely important to create a culture of security at your organization. Your IT or leadership team needs to have a plan in place if your organization falls under attack. It is also crucial to have a procedure to prevent malicious attacks or avoid repeat incidences.
These are just a few elements that Covered Entities and Business Associates need to stay secure. If you do not feel as though your organization is where it needs to be from a HIPAA compliance and security standpoint, it’s time for a conversation with our experts.