Do you ever worry about whether you’re doing everything you can to protect your healthcare data from cyber-attacks and stay compliant with HIPAA? If so, you’re not alone. Two new resources can help you strengthen your cybersecurity practices and maintain HIPAA compliance.
The first resource is a video from the Office for Civil Rights (OCR), the agency responsible for enforcing HIPAA. The video provides expert advice on using the HIPAA Security Rule to defend against cyber-attacks. The video is also available in Spanish. Topics covered include:
- OCR breach and investigation trend analysis
  - (e.g., ransomware via hacking has increased 278% over five years, from 2018 to 2022, and is the largest cybersecurity threat facing healthcare today)
- Common attack vectors
  - (e.g., hacking into network servers and email together account for 85% of the large breaches reported to OCR during 2023 to date)
- OCR investigations of weaknesses that led to or contributed to breaches
  - (e.g., weak password management and lack of authentication measures)
- How Security Rule compliance can help regulated entities defend against cyber-attacks
  - (e.g., follow the Security Rule requirements for authentication; see the June 2023 Cybersecurity Newsletter)
The second resource is a Toolkit created by the Cybersecurity and Infrastructure Security Agency (CISA), the Health Sector Coordinating Council (HSCC), and HHS. The Toolkit provides practical guidance for managing and mitigating cyber risk in the healthcare and public health sector.
The Toolkit includes advice for everyone, from beginners to experts, and covers topics like basic cyber hygiene and multi-layered defense measures.
One example is CISA’s StopRansomware guide. This website includes information, guidance, and other tools to help organizations protect against, prepare for, and respond to ransomware, including new forms of ransomware that keep surfacing. CISA serves as an early warning center whenever it learns of new threats.
This is only one example of the guides from CISA that contain practical steps to strengthen your cybersecurity.
Don’t fall behind – call us for answers. We have the resources to protect your healthcare data from cyber threats and keep you HIPAA compliant.