The threat of ransomware is hitting every sector of the economy. But the biggest, most dangerous and disastrous attacks have been occurring in the more lightly defended parts of industry and government. Healthcare has been especially hard hit.
The U.S. Department of Health and Human Services (HHS) is seeking to change this situation by issuing new guidance. Preventing ransomware is now more clearly expected for HIPPA compliance.
From a HHS blog post:
To help health care entities better understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new Health Insurance Portability and Accountability Act (HIPAA) guidance on ransomware. The new guidance reinforces activities required by HIPAA that can help organizations prevent, detect, contain, and respond to threats, including:
- Conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and establishing a plan to mitigate or remediate those identified risks;
- Implementing procedures to safeguard against malicious software;
- Training authorized users on detecting malicious software and report such detections;
- Limiting access to ePHI to only those persons or software programs requiring access; and
- Maintaining an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups, and test restorations.
More details are provided in a PDF sheet on the HHS website:
Latest posts by Bob Gourley
- OODA and Bastille Webinar: Finding phones, wearables and gadgets through Cellular, Bluetooth, Bluetooth Low Energy and Wi-Fi device detection - November 20, 2019
- OODA Loop Launches A New Series Of Market Based Assessments Aimed At Your Success - November 18, 2019
- How Do Leaders In Government Decide Weather To Buy Or Build? Do They pick GOTS or COTS? - November 18, 2019