Although work for many organizations slows down during the week between Christmas and the New Year, cyber criminals are not taking time off. In fact, cyber risks are much higher during holidays. Now is the time to stay extra vigilant.
We note that healthcare systems are not slowing down: coronavirus continues to send patients to hospitals, making healthcare particularly vulnerable right now. Healthcare organizations that follow HIPAA and practice good HIPAA Risk Management have a much better chance of defending against attacks, but can strengthen their defenses with key steps.
Vigilance at work is critical, but vigilance at home is important too. Everyone should learn the basics of good security to keep their data safe and their systems operational. Criminals go after all internet users, small and large.
Review New CISA Guidance
Of particular concern to the federal government is critical infrastructure – the sixteen sectors which are vital for the health and safety of the nation. The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a new warning to remind organizations to increase vigilance, review key defenses and strengthen best practices right away.
CISA outlined some key actions that organizational leaders should take immediately to achieve operational resiliency, improve network defenses, and safeguard their organizations from cyber threats over the holidays.
For example, leaders should try to increase organizational vigilance by:
- closing gaps in Information and Operational Technology (IT and OT) security personnel coverage to ensure that staff can provide continuous monitoring. Security coverage during this season is crucial since many organizations may have lower staffing during the winter holidays.
- being ready for rapid response by adopting “a state of heightened awareness” in the event of a security incident.
Other recommendations from CISA include:
- Ensure network defenders implement cybersecurity best practices. Enforce multi-factor authentication and strong passwords, install software updates (prioritizing known exploited vulnerabilities), and secure accounts and credentials.
- Stay informed about current cybersecurity threats and malicious techniques. Encourage IT/OT security staff to subscribe to CISA’s mailing list and feeds to receive notifications when CISA releases information about a security topic or threat.
- Lower the threshold for threat and information sharing. Immediately report cybersecurity incidents and anomalous activity to CISA and/or the FBI.
HIPAA Risk Management
Defense against cyber crime is central to the HIPAA Security Rule, and strong HIPAA compliance is a blueprint to protect against cyber threats of all kinds.
Every recommendation in the CISA warning is mirrored in a full HIPAA Risk Analysis that follows the HIPAA Privacy and Security Rules. The HIPAA E-Tool® contains the CISA review steps, along with every best practice required for managing privacy and security risks 365 days a year. If you follow HIPAA, you can lower cyber risks to a manageable level, keep patient data safe, and avoid costly downtime.