What New HIPAA Guidance Means For You

Being successful in the healthcare industry today means you have as much integrity and accountability with your patients as you do with the protection of their data. A patient can’t trust you if they worry their information may fall into the wrong hands.

One of the biggest threats in the health industry is potential malicious cyber attacks on electronic healthcare systems, such as through ransomware. We’ve talked about potential risks again and again here on our blog.

To better help those in the healthcare industry understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new HIPAA guidance on ransomware. It recommends that organizations:

  • Identify the risks facing patient data
  • Create a plan to address the problems and concerns
  • Set up procedures to protect systems from malware attacks
  • Train users to spot malware
  • Limit access to the most sensitive information only to those with need
  • Have a disaster recovery plan in place

That includes frequent data backups to ensure your data is always safe and retrievable as needed.

The new guidance, in general, reiterates what is already in place. It does provide more specifics, however, with an emphasis on better education, which is a key component of any good data protection program.

Ransomware almost always gets into a system either through email attachments or through links to malicious websites, both of which can be addressed by educating employees on what to look for.

It especially leaves a company vulnerable if too many personnel have access to the most sensitive data. Organizations should focus on providing access only on an as-needed basis. Yet because many IT departments are understaffed, they err on the side of too much access. By giving more than what is needed, they avoid having to update and change records as needs change over time.

How does this impact you?

It’s another reminder that top priority should be given to keeping your data safe and secure. And the best way to ensure the integrity of your data is by having an effective security plan in place, one that your employees are reminded of and trained on again and again.

Are you compliant with the new HIPAA Guidance?

Should You Be Worried About Ransomware

It’s early. And with a busy day ahead, you decide to head into the office to get a few things done before patients fill your day. You sit down at your desk, boot up your computer. But instead of seeing the familiar screen that greets you each morning, you see a bright red image, blinking, threatening that if you don’t pay $300 to an unknown party in the next forty-eight hours, everything currently on your computer will be erased.

Is it real? Do you believe it?

Click around and you’ll discover your computer is no longer under your control. You can’t bypass the screen. You can’t access anything.

Welcome to the world of ransomware. 

Antivirus software and security professionals have been in business almost as long as computers themselves. As people began trusting software and the online world with their sensitive data, hackers looked for ways to exploit the data for their own benefit. But with security one step behind them, they constantly look for new ways to get what they want.

The result has been a slew of new viruses known as ransomware. The earliest known version of ransomware was CryptoLocker, which hit the scene around the end of 2013. In less than a week, users began reporting that an unknown virus locked down their hard drives and demanded a ransom in return for access to their files.

Unlike other viruses that insert backdoors or trojans in hopes of capturing sensitive data they can later use any way they choose, ransomware demands a reliable revenue stream from the beginning. Amounts demanded depend on the criminal ring, but typically range anywhere from $25 to $600. And because it accepts Bitcoin or funds sent through MoneyGram on untraceable prepaid cards, it’s remained a solid income source for the originators.

Ransomware works because of its speed. And of course, knowledge is power. So the sophistication of ransomware continues to grow.

If a ransomware attack hits your practice, you have three basic options:

  • If you perform frequent backups, restore your system with the latest one
  • If you have not performed a backup, pay the ransom
  • Put your system back to default and lose all your data

Which means the safest, most reliable way of countering any ransomware attack is to

Back. Up. Everything.

Ransomware exploits the human aversion to taking action. Hackers prey on people’s reluctance to do more work than is absolutely necessary. They know a vast majority of the population does not create carbon copies of their photo albums, music files, sensitive data and other folders that hold the most important data needed in daily life. They hold them hostage and demand ransom because they know they will get it if it’s the only version you have in existence.

That’s why a cloud storage system or backup service is vitally important on both the personal and professional level. This will prevent you from becoming a victim of ransomware and keep you in control over your data at all times.

How would ransomware affect your data?