Recently a memo went out from the White House and the Cybersecurity and Infrastructure Security Agency (CISA) to industry leaders. It emphasized the threat that ransomware poses to their businesses and how important it is to the current administration to prioritize awareness of it. The memo also puts the responsibility on the private sector to take ownership of its part of the equation in protecting itself, and ultimately businesses, against the threat of cybercrime.
What stood out in this memo was this quote: “To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.” The administration is saying you need to look at this as more than an act of data theft. We couldn’t agree more.
It then continues to outline the steps you should take to protect yourself, your business, and your data. Reference the link in the first paragraph for more details on those steps.
In addition to the information released by those offices, the memo included an alert from the HHS Office for Civil Rights titled Fact Sheet: Ransomware and HIPAA, which provides additional information to entities regulated by the HIPAA rules. It reiterates the increase in daily ransomware attacks and how they are conducted by exploiting human and technical weaknesses. At HIPAA Secure Now, we continually emphasize the human factor in cybersecurity, and alongside that we want to emphasize that the humans in your business can become your greatest asset when it comes to cybersecurity. Being human isn’t the fatal flaw. It is how you can strengthen your security posture, with behaviors that prevent cybercrime from advancing throughout your world, whether professional or personal.
The fact sheet outlines what ransomware is and details how HIPAA compliance can help healthcare businesses prevent it from being deployed within their networks. As always, it bears repeating: HIPAA compliance is NOT the same as having a strong cybersecurity program, but the two go hand in hand and can complement each other.
A complete solution will help you address your organization’s risk factors for both HIPAA violations or audits and cybersecurity weaknesses. From there, a plan should be devised to address all concerns, reinforce weak areas, and provide ongoing training that strengthens the human factor. In addition, having a plan to respond to a cyberattack is necessary because, like a medical emergency, a timely response can mean the difference between survival and death. Make sure your business has all of the odds in its favor.
This article was originally published on HIPAA Secure Now! and is republished here with permission.