Healthcare cyber-attacks are on the rise and data breaches can cost a practice a fortune. It is no secret that patient data is valuable on the black market. Cyber criminals will try many different methods to gain access to this data.
The Office for Civil Rights (OCR) stated in their Cybersecurity Newsletter that there has been a 42% increase in cyber-attacks for the first half of 2022 compared to 2021, and a 69% increase in cyber-attacks targeting the health care sector. The number of data breaches occurring in the health care sector also continue to rise. Breaches of unsecured protected health information (PHI), including ePHI, reported to the OCR affecting 500 or more individuals increased from 663 in 2020 to 714 in 2021. Seventy-four percent (74%) of the breaches reported to OCR in 2021 involved hacking/IT incidents. In the health care sector, hacking is now the greatest threat to the privacy and security of PHI. A timely response to a cybersecurity incident is one of the best ways to prevent, mitigate, and recover from cyberattacks.
If you haven’t done so already, we recommend completing the Security Incident Procedures and Breach Notification Plan. You should add those responsible for your Security Response Team. Educate your team on identifying security incidents and how to respond to them. The quicker you can identify a threat, the sooner you can mitigate the issue.
Another area to ensure that you have in place is your inventory list to ensure you can locate which devices may be affected. In your Contingency Plan, there is a list of devices and software applications that you can use to determine which devices/applications that will need to be brought online in which order. Your IT department/vendor will assist with this process.
If it has been determined that a breach of patient data has occurred, this must be reported to the OCR. Remember to follow your state law if it is more stringent.
As with all requirements under HIPAA, you must document your process. If it is not documented, it does not exist. If there are other areas that you have questions, please do not hesitate to contact us!
To find out more about how our online HIPAA Keeper™ can help your organization with HIPAA Compliance click here:
Or to schedule a demo click the contact us tab and scroll down.
“Simplifying HIPAA through Automation, Education, and Support”