By Gil Vidals, HIPAA Blog
 

Clear procedures are needed to protect against malicious software.

That’s a start. Here’s what you also need:

  • Users trained on the latest malicious software protection tools, who have become skilled in discovering and reporting detections.
  • Limited access to ePHI through controls, allowing only the persons or software programs that require access, and reducing the potential for unintended exposure.
  • Data integrity and availability – clear HIPAA requirements – through frequent data backups, to ensure full recovery from a ransomware attack.

If all this seems daunting, outsourcing the care of your environment to a managed security service provider (MSSP) that offers 24/7 support and specializes in HIPAA compliance can be invaluable.

Not only will you benefit from the latest in ransomware protections, including security patching, system monitoring, and server hardening, but your administrators will also have peace of mind that costly breaches and downtime can be avoided and sensitive data protected.

Note: Of course, if your company believes it has been the target (or even attempted target) of a ransomware attack, a security incident response plan (see the definition of security incident at HIPAA Security Rule 45 C.F.R. 164.304) that seeks to isolate the infected computer systems should already be in play. Infected entities should also not hesitate to contact their local FBI or United States Secret Service field office for help.

* Beazley Company, a provider of data breach insurance and response services, reports that the biggest cause of healthcare data breaches in 2017 was actually unintended disclosures. Hacking and malware accounted for 19% of breaches, while unintended disclosures accounted for 41% of incidents.


 


Gil Vidals is the president and CTO of HIPAA Vault. He is a passionate subject matter expert on HIPAA compliance and the healthcare cloud, and co-host of the HIPAA Vault podcast. Since 1997, Gil’s mission has been to provide uncompromising and affordable HIPAA-compliant hosting solutions to commercial and government clients, helping protect their sensitive health information from data breaches and security vulnerabilities. HIPAA Vault has been recognized as an Inc. 5000 company and a Clutch Top B2B company. He can be reached on LinkedIn.