Online Safety Community

HIPAA’s guidelines need to be understood to prepare for, prevent, respond to and recover from ransomware

Ransomware is dangerous, malicious software that infects the operating systems of vulnerable computers. It blocks access to files and demands a ransom for releasing them. After the ransom is paid, usually in virtual currency such as Bitcoin, the block may be released. Many ransomware attackers, like ransom seekers in real life, blackmail and harass the victim for prolonged periods of time. Sometimes, ransomware can block the user’s access to the entire device.

This is how ransomware usually spreads within networks: it arrives as a seemingly innocuous email, asking users to carry out the simplest of tasks, such as opening an attachment to get a surprise. Of course, most unsuspecting users would not be aware of the magnitude of such a surprise.

Once the user does this in anticipation of a ‘reward’, utter chaos could follow. The ransomware can cause disruption across entire affiliated networks. Setting the damage right could take colossal effort, a great deal of time, and unspeakable stress and tension.

HIPAA has guidelines on how to deal with ransomware

It is only natural that there is a high degree of unease and anxiety among people in the US who deal with computer networks, given the extent to which the recent WannaCry ransomware attack spread panic over most parts of Europe and in other locations. Healthcare providers in the US are all the more worried because this ransomware attacked the National Health Service systems in the UK in particular. That they could be the next target is a strong possibility, which is why most healthcare providers need to take major steps to prevent such a ransomware attack. In fact, this recent WannaCry attack is only the latest in a series of attacks, of various types, on healthcare records. Over 100 million medical records were targeted in more than 250 different cyber incidents in the year 2015 alone.

Measures suggested by HIPAA

In view of these facts, and given its primary responsibility of ensuring the security, integrity and availability of medical records, HIPAA has come up with security measures aimed at preventing and countering these attacks. Predictably, these measures are strong and stringent. The HIPAA Security Rule requires Business Associates and Covered Entities to carry out these tasks to check ransomware attacks:

  • Training needs to be imparted to users, consisting of both staff and the patients, on how to spot malware
  • Putting a security management process in place, the centerpiece of which is carrying out a Risk Analysis to identify the threats and to mitigate risks
  • Discussing the nature and enormity of the problem with patients and educating them on what they can and need to do to prevent attacks
  • Limiting the access to records and any sensitive information they contain
  • Taking appropriate data backups
  • Conceiving and implementing a disaster recovery program
  • Reporting and implementing security incident responses as laid out in 45 CFR 164.308(a)(6)

Effectiveness of these measures is difficult to assess

All the diligence on the part of the HHS notwithstanding, it has a long way to go in implementing HIPAA rules on ransomware. What does it do when, for instance, PHI is never accessed? How does it term such an action a breach of data security, when its own rules clearly state that reporting should be done only when there is a breach? What this means is that while some cases of PHI data breach get reported, many more don’t.

Education on how to deal with ransomware

A webinar from MentorHealth, a leading provider of professional training for the healthcare industry, will set all these doubts at rest. The speaker at this webinar, Paul Hales, an expert on HIPAA Privacy, Security, Breach Notification and Enforcement Rules with a national HIPAA consulting practice based in St. Louis, will show how to put these measures in place as required by HIPAA.

Please register for this webinar. This course is approved for 1 general credit from the Nevada Board of Continuing Legal Education.

At this webinar, Paul will explain everything relating to ransomware. The learning includes topics such as the HIPAA rules that relate to ransomware, what kind of “social engineering” tricks hackers use to get ransomware into systems, how an organization can prepare itself when it is subjected to a ransomware attack, and best practices for preventing, preparing for, responding to and recovering from attacks.

He will also cover other areas at this webinar, and these include:

  • How to do a HIPAA Breach Risk Assessment to determine whether a Ransomware attack resulted in a HIPAA Breach, or did not, if the assessment demonstrates a low probability of compromise to PHI
  • What the HIPAA Breach Notification Rule requires when a Ransomware attack does result in a Breach of Unsecured PHI
  • The interconnected roles and responsibilities of Covered Entities and Business Associates under the HIPAA Breach Notification Rule concerning Ransomware attacks
