Clearly stated procedures to detect and protect against malicious software.
Trained users of (the latest) malicious software protection tools, who become skilled in the discovery and reporting of such detections.
Limited access to ePHI through controls, allowing only the persons or software programs that require access, and reducing the potential for unintended exposure.
Data integrity and availability – clear HIPAA requirements – through frequent data backups, to ensure full recovery from a ransomware attack.
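Backups only guarantee recovery if you can prove they are still intact when you need them. The script below is an added example, not part of the original article or any vendor's product: it builds a SHA-256 manifest of a backup set at backup time and later verifies the set against that manifest, reporting files that were altered, removed or added. The directory layout and file contents are constructed for the demonstration; in practice the manifest would be written to separate, offline storage so that it cannot be altered alongside the backup.

```python
"""Backup integrity check: build a SHA-256 manifest of a backup set and
verify it later, listing files that were modified, are missing, or appeared.
Added example (not from the original article); the backup set used in
demo() is a constructed temporary directory, not a real ePHI store."""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup images fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(backup_root: Path) -> dict:
    """Map every file under backup_root (as a relative path) to its hash."""
    return {
        str(p.relative_to(backup_root)): sha256_file(p)
        for p in sorted(backup_root.rglob("*"))
        if p.is_file()
    }


def verify_backup(backup_root: Path, manifest: dict) -> dict:
    """Compare the current backup tree against a manifest taken earlier.

    Returns a dict with three sorted lists:
      modified   - present in both, but the hash no longer matches
      missing    - listed in the manifest but no longer on disk
      unexpected - on disk but never recorded in the manifest
    An empty result on all three means the backup set is unchanged.
    """
    current = build_manifest(backup_root)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def demo() -> dict:
    """Constructed scenario: manifest a small backup set, then overwrite one
    file and drop an extra file into the tree before verifying again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "patients").mkdir()
        (root / "patients" / "records.db").write_bytes(b"constructed sample record bytes")
        (root / "config.ini").write_text("retention_days=30\n")

        manifest = build_manifest(root)  # would be stored offline in practice

        # Changes made after the manifest was taken: one file's contents
        # replaced, one file that was never part of the backup set.
        (root / "patients" / "records.db").write_bytes(b"\x00\x01 altered contents")
        (root / "patients" / "stray.tmp").write_bytes(b"x")

        return verify_backup(root, manifest)


if __name__ == "__main__":
    # Any non-empty list is a reason not to trust this backup for recovery.
    print(json.dumps(demo(), indent=2))
```

Running the block prints the verification result for the constructed scenario: `patients/records.db` is reported as modified and `patients/stray.tmp` as unexpected, while `config.ini` passes. A scheduled run of `verify_backup` against each retained backup generation, with alerts on any non-empty list, turns "frequent backups" into backups you have actually confirmed are restorable.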
If all this seems daunting, outsourcing the care of your environment to a managed security service provider (MSSP) that offers 24/7 support and specializes in HIPAA compliance can be invaluable. Not only will you benefit from the latest in ransomware protections, including security patching, system monitoring, and server hardening, but your administrators will have peace of mind that costly breaches and downtime can be avoided, and sensitive data protected.
Note: Of course, if your company believes it has been the target (or even the attempted target) of a ransomware attack, a security incident response plan (see the definition of security incident at HIPAA Security Rule 45 C.F.R. 164.304) that seeks to isolate the infected computer systems should already be in place. Infected entities should also not hesitate to contact their local FBI or United States Secret Service field office for help.
* Beazley Company, a provider of data breach insurance and response services, reports that the biggest cause of healthcare data breaches in 2017 was actually unintended disclosures. Hacking and malware accounted for 19% of breaches, while unintended disclosures accounted for 41% of incidents.