Cybersecurity Archives

Suze Shaffer November 1, 2022February 2, 2024

Healthcare cyber-attacks are on the rise and data breaches can cost a practice a fortune. It is no secret that patient data is valuable on the black market. Cyber criminals will try many different methods to gain access to this data.

The Office for Civil Rights (OCR) stated in their Cybersecurity Newsletter that there has been a 42% increase in cyber-attacks for the first half of 2022 compared to 2021, and a 69% increase in cyber-attacks targeting the health care sector. The number of data breaches occurring in the health care sector also continue to rise. Breaches of unsecured protected health information (PHI), including ePHI, reported to the OCR affecting 500 or more individuals increased from 663 in 2020 to 714 in 2021. Seventy-four percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents. In the health care sector, hacking is now the greatest threat to the privacy and security of PHI. A timely response to a cybersecurity incident is one of the best ways to prevent, mitigate, and recover from cyberattacks.

If you haven’t done so already, we recommend completing the Security Incident Procedures and Breach Notification Plan. You should add those responsible for your Security Response Team. Educate your team on identifying security incidents and how to respond to them. The quicker you can identify a threat, the sooner you can mitigate the issue.

Another area to ensure that you have in place is your inventory list to ensure you can locate which devices may be affected. In your Contingency Plan, there is a list of devices and software applications that you can use to determine which devices/applications that will need to be brought online in which order. Your IT department/vendor will assist with this process.

If it has been determined that a breach of patient data has occurred, this must be reported to the OCR. Remember to follow your state law if it is more stringent.

As with all requirements under HIPAA, you must document your process. If it is not documented, it does not exist. If there are other areas that you have questions, please do not hesitate to contact us!

To find out more about how our online HIPAA Keeper™ can help your organization with HIPAA Compliance click here:

Or to schedule a demo click the contact us tab and scroll down.

“Simplifying HIPAA through Automation, Education, and Support”

Suze Shaffer October 29, 2020April 8, 2022

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

In addition to these materials regarding the most recent ransomware threat to the Healthcare and Public Health Sector, the HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA provides further information for entities regulated by the HIPAA Rules.

CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.

Tag: Cybersecurity

Healthcare Cyber-Attacks on the Rise

Cyber Alert: Ransomware Activity Targeting the Healthcare and Public Health Sector