Online Safety Community

HIPAA’s guidelines need to be understood to prepare for, prevent, respond to and recover from ransomware

Ransomware is dangerous, malicious software that infects the operating systems of vulnerable computers. It blocks access to files and demands a ransom for releasing them. After the ransom is paid, usually in virtual cash such as Bitcoin, the block may be released. Many ransomware attacks, like ransom seekers in real life, blackmail and harass the victim for prolonged periods of time. Sometimes, ransomware can block the user’s access to the entire device.

This is how ransomware usually spreads within networks: it arrives as a seemingly innocuous email asking users to carry out the simplest of tasks, such as opening an attachment to get a surprise. Of course, most unsuspecting users would not be aware of the magnitude of such a surprise.

Once the user does this in anticipation of a ‘reward’, utter chaos could follow. The ransomware can cause disruption across entire affiliated networks. Setting the damage right could take colossal effort, a great deal of time, and unspeakable stress and tension.

HIPAA has guidelines on how to deal with ransomware

It is only natural that there is a high degree of unease and anxiety among people in the US who deal with computer networks, given the extent to which the recent WannaCry ransomware attack spread panic over most parts of Europe and in other locations. Healthcare providers in the US are all the more worried because this ransomware attacked the National Health Service systems in the UK in particular. That they could be the next target is a strong possibility, which is why most healthcare providers need to take major steps to prevent such a ransomware attack. In fact, the WannaCry attack is only the latest in a series of attacks, of various types, on healthcare records. Over 100 million medical records were targeted in more than 250 different cyber incidents in the year 2015 alone.

Measures suggested by HIPAA

In view of these facts, and given its primary responsibility of ensuring the security, integrity and availability of medical records, HIPAA has come up with security measures aimed at preventing and countering these attacks. Predictably, these measures are strong and stringent. The HIPAA Security Rule requires Business Associates and Covered Entities to carry out these tasks to check ransomware attacks:

  • Training needs to be imparted to users, consisting of both staff and the patients, on how to spot malware
  • Putting a security management process in place, the centerpiece of which is carrying out a Risk Analysis to identify the threats and to mitigate risks
  • Discussing the nature and enormity of the problem with patients and educating them on what they can and need to do to prevent attacks
  • Limiting the access to records and any sensitive information they contain
  • Taking appropriate data backups
  • Conceiving and implementing a disaster recovery program
  • Reporting and implementing security incident responses as laid out in 45 CFR 164.308(a)(6)

Effectiveness of these measures is difficult to assess

All the diligence on the part of the HHS notwithstanding, it has a long way to go in implementing HIPAA rules on ransomware. What does it do when, for instance, PHI is never accessed? How does it term such an action a breach of data security, when its own rules clearly state that reporting should be done only when there is a breach? What this means is that while some cases of PHI data breach get reported, many more don’t.

Education on how to deal with ransomware

A webinar from MentorHealth, a leading provider of professional training for the healthcare industry, will set all these doubts at rest. The speaker at this webinar, Paul Hales, an expert on the HIPAA Privacy, Security, Breach Notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis, will show how to put these measures in place as required by HIPAA.

Please register for this webinar. This course is approved for 1 general credit from the Nevada Board of Continuing Legal Education.

At this webinar, Paul will explain everything relating to ransomware. The learning includes topics such as the HIPAA rules that relate to ransomware, what kind of “social engineering” tricks hackers use to get ransomware into systems, how an organization can prepare itself for when it is subjected to a ransomware attack, and best practices for preventing, preparing for, responding to and recovering from attacks.

He will also cover other areas at this webinar, and these include:

  • How to do a HIPAA Breach Risk Assessment to determine if a Ransomware attack resulted in a HIPAA Breach - or not - if the assessment demonstrates a low probability of compromise to PHI
  • What the HIPAA Breach Notification Rule requires when a Ransomware attack does result in a Breach of Unsecured PHI
  • The interconnected roles and responsibilities of Covered Entities and Business Associates under the HIPAA Breach Notification Rule concerning Ransomware attacks
