• Date : September 19, 2018
• Tag: Business ContinuityCISOCloud RecoveryCybersecurityDisaster recoveryEPHIGap AnalysisHIPAAISMSISO27001LDSPHIRansomwareVCISO

Data Security Threats for Healthcare Industry Continues in 2018

With threats related to cybersecurity in the healthcare industry is on the rise, the total number of attacks simply signifies a single fragment of the challenge. Cybercriminals are using their ingenious approach to invent unique methods to crack into security measures through directed and refined attacks. This increase of security breaches is a timely reminder that along with an increasing number of attacks, their range is also expanding, which eventually increases the risk of disruption in care delivery.

The healthcare industry was an easy and productive mark for hackers in 2017 through weaponized ransomware, misconfigured cloud storage stacks and phishing emails ruling.

These threats will endure in 2018, as the cybercriminals will probably get more inventive regardless of better awareness in healthcare organizations at the managerial level.

Healthcare breaches pose serious issues for both patients and providers. Therefore it is important for organizations to take significant and budget-impacting decisions while determining the ways to accomplish and report compliance with healthcare business regulations and data protection standards. The companies need to apprehend the difficult choices they have and the certain requirements which apply in order to decide the best method and progress towards continuing compliance and information security. The most noticeable standard HIPAA is used today in the healthcare industry which deals specifically with Electronic Protected Health Information (EPHI). There are some HIPAA Do’s and Don’ts for the healthcare sector.

HIPAA Do’s

1. Always review HIPPA rules every few years as they are continuously being updated.
2. All HIPAA policies for covered entities and their business associates must be reviewed and revised annually.
3. Include senior management of any company information. If Senior Management will take it seriously, others will be following the trail.
4. Treat patients’ personal information as you would like your own information to be treated: Keep it secure and respect their right to privacy.
5. Always keep track of your Business Associate Agreement.
6. Provide awareness and training to the staff since it is your best defense against EPHI threats.
7. Know the elements of HIPAA’s Limited Data Set (LDS) – 19 unique identifiers.
8. Small medical practice offices need to train their employees about HIPAA compliance as well.
9. Keep your voice down when discussing patient finances, both in person and over the phone.

HIPAA Don’ts

1. Don’t put PHI in the email subject line
2. Don’t transmit PHI or the patient sensitive data, but if it’s necessary then encrypt the data.
3. Never share your credentials with anyone.
4. Avoid snooping PHI, even if you have access to it.
5. Remove access to the network soon after the individual is terminated.
6. Don’t act on intuition. Always ask your compliance officer when unsure as to whether an action is in violation or not.