Five Simple Defenses Against Cybercrime

Every day brings a new story about hacking in healthcare. There are seven big healthcare hacking stories just this week, but next week will likely be the same.

And every other day, cybersecurity stories are happening in the wider world. Today the New York Times reports on the new era of government-sponsored cyberattacks in international relations. The Chinese government is accused of hacking “governments and universities in a yearslong campaign to steal scientific research.” In April we wrote about Russian cyberattacks on the U.S.

On May 21, 2021, the White House issued a new Executive Order on Improving the Nation’s Cybersecurity.

The opening sentence of the Order:

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”

Cybersecurity risks are everywhere, and they are abundant and growing. This is the new normal and we need to adjust.

Act Now to Strengthen Your Own Cybersecurity

The good news is that there are simple defenses you can use today and tomorrow to greatly reduce your risk.

NOTE: These overlap with, but are slightly different from, the five best practices in the President’s Executive Order, above. Those five best practices are critically important, but several may take more effort than our quick-start suggestions below.

We still strongly recommend a full HIPAA Risk Analysis and follow-up Risk Management plan, but even if you’re not ready to do that, take these steps now.

  • Data back-up

Maintaining offline, current backups is most critical because there is no need to pay a ransom for data that is readily accessible to your organization. Experts recommend offline, encrypted backups of data and regular testing of backups. It is important that backups be maintained offline as many ransomware variants attempt to find and delete any accessible backups.

  • Ensure anti-virus and anti-malware protection is up-to-date

This may seem obvious, but don’t gloss over this one. Verify that a) quality anti-virus/anti-malware software is installed on your systems, and b) it is current. Has the subscription lapsed?

  • Improve password security

The first step is to choose a strong password to begin with. Remind the workforce that passwords are never to be shared, or written in an email or text to someone else. Consider using a password manager to choose and store your passwords. Finally, always choose multi-factor authentication (MFA) when it’s offered.

  • Patch and update software

Review all the software you have on your systems. When software is out of date, the vendor is no longer supporting its functionality or fixing its security flaws. Also, older software has been attacked for longer by cyber criminals, and they know its weaknesses. Invest in the most up-to-date software you can, and install all the patches the vendor recommends for the software you currently run.

  • Workforce security training

There are basic tools to avoid phishing, one of the most common methods hackers use to gain entry. Help your workforce by showing them the common tricks attackers use, and remind them to be suspicious of unexpected emails, attachments and links. HIPAA cybersecurity training should be given in short chunks, be memorable, and be tied directly to the person’s responsibilities: make sure it’s relevant.
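As an added example (not part of the original post), the backup-testing step under “Data back-up” can be automated: the constructed script below records a SHA-256 manifest when a backup is taken, then re-checks the copy for missing, altered or stale files, which is what catches a backup that ransomware has reached. The manifest layout, the one-day freshness policy and the sample files are assumptions made for illustration.

```python
import hashlib
import json
import shutil
import tempfile
import time
from pathlib import Path

MAX_BACKUP_AGE_DAYS = 1  # constructed policy: a backup older than this is not "current"

def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups are hashed without loading them into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(src: Path, created: float) -> dict:
    """Record every file under src with its hash; assumed to be stored beside the backup when taken."""
    files = {str(p.relative_to(src)): sha256_file(p) for p in sorted(src.rglob("*")) if p.is_file()}
    return {"created": created, "files": files}

def verify_backup(backup: Path, manifest: dict, now: float) -> dict:
    """The 'regular testing': re-hash the copy against the manifest and check its age."""
    missing = [rel for rel in manifest["files"] if not (backup / rel).is_file()]
    corrupt = [rel for rel, digest in manifest["files"].items()
               if rel not in missing and sha256_file(backup / rel) != digest]
    stale = (now - manifest["created"]) / 86400 > MAX_BACKUP_AGE_DAYS
    return {"missing": missing, "corrupt": corrupt, "stale": stale,
            "ok": not (missing or corrupt or stale)}

def demo() -> tuple:
    """Constructed scenario: back up two sample files, verify, then simulate a ransomware-style overwrite."""
    with tempfile.TemporaryDirectory() as tmp:
        src, backup = Path(tmp, "live"), Path(tmp, "backup")
        src.mkdir()
        (src / "patients.csv").write_text("id,name\n1,constructed sample\n")
        (src / "notes.txt").write_text("constructed sample record\n")
        t0 = time.time()
        manifest = build_manifest(src, created=t0)
        shutil.copytree(src, backup)
        (backup / "manifest.json").write_text(json.dumps(manifest))
        good = verify_backup(backup, manifest, now=t0 + 3600)        # fresh, intact copy
        old = verify_backup(backup, manifest, now=t0 + 3 * 86400)    # intact but no longer current
        # an intruder who reaches an online backup encrypts one file and deletes another
        (backup / "patients.csv").write_bytes(b"\x00ENCRYPTED\x00")
        (backup / "notes.txt").unlink()
        bad = verify_backup(backup, manifest, now=t0 + 3600)
    return good, old, bad

if __name__ == "__main__":
    print(demo())
```

Running the check on a schedule and alerting on any result where `ok` is false turns the “test your backups” advice into a routine control; keep the manifest with the offline copy so a tampered online copy cannot rewrite it.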

Cybersecurity Resources Summary

One of the best resources on how to defend against ransomware is the brand new stopransomware.gov website hosted by the Cybersecurity and Infrastructure Security Agency (CISA); it’s the one-stop shop for government resources to fight cybercrime. Also, read the May 2021 Executive Order.

To stay ahead of HIPAA requirements in healthcare, we recommend reading the Summer 2021 Cybersecurity Newsletter that came out last week from the Office for Civil Rights (OCR), the agency that enforces HIPAA. It discusses two elements of the HIPAA Security Rule, Information Access Management and Access Controls.

We’ve said it before, but we believe in it strongly, so we repeat it: the best defense against cybercrime is strong HIPAA compliance.

If you need help getting started, or you want a refresher course, give The HIPAA E-Tool® a call.

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2023 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC
