Being successful in the healthcare industry today means you have as much integrity and accountability with your patients as you do with the protection of their data. A patient can’t trust you if they worry their information may fall into the wrong hands.
One of the biggest threats in the health industry is potential malicious cyber attacks on electronic healthcare systems, such as through ransomware. We’ve talked about potential risks again and again here on our blog.
To better help those in the healthcare industry understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new HIPAA guidance on ransomware. It recommends that organizations:· Identify the risks facing patient data
- Create a plan to address the problems and concerns
- Set up procedures to protect systems from malware attacks
- Train users to spot malware
- Limit access to the most sensitive information only to those with need
- Have a disaster recovery plan in place
That includes frequent data backups to ensure your data is always safe and retrievable as needed.
The new guidance, in general, reiterates what is already in place. It does provide more specifics, however, with an emphasis on better education, which is a key component of any good data protection program.
Ransomware almost always gets into a system either through email attachments or through links to malicious websites, both of which can be addressed by educating employees on what to look for.
It especially leaves a company vulnerable if too many personnel have access to the most sensitive data. Organizations should focus on providing access only on an as-needed basis. Yet because many IT departments are understaffed, they err on the side of too much access. By giving more than what is needed, they avoid having to update and change records as needs change over time.
How does this impact you?
It’s another reminder that top priority should be given to keep your data safe and secure. And the best way to ensure the integrity of your data is by having an effective security plan in place, one that your employees are reminded of and trained on again and again.
Are you compliant with the new HIPAA Guidance?