Wednesday, September 28, 2022

Enhancing the Cybersecurity Posture of Healthcare in 2022


As the Director of the Office for Civil Rights at the U.S. Department of Health and Human Services (OCR), prioritizing cyber security and patient privacy is of the utmost concern. From my years in government service, I understand cyberattacks all too well from my role at the U.S. Department of Homeland Security, where I led the agency's response to the 2015 U.S. cyber breach mitigation of 4 million federal personnel and 22 million surrogate profiles, which at the time was the largest hack in federal history. Now as the OCR Director, I am continuing this important work leading HHS's enforcement of the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules.

Cyberattacks grabbed headlines throughout 2021 as hacking and IT incidents affected government agencies, major companies, and even supply chains for essential goods, like gasoline. For healthcare, this year was even more turbulent as cybercriminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic. More than one health care provider was forced to cancel surgeries, radiology exams, and other services because their systems, software, and/or networks had been disabled. And at the end of December, a critical vulnerability in a widely used Java-based software library known as "Log4j" grabbed headlines with warnings about the potential risks this security flaw could pose for organizations of all sizes. Such unpatched vulnerabilities give hackers easy access to an organization's computer server, and possible entry into other parts of a network. These reports underscore why it is so important for health care to be vigilant in its approach to cybersecurity. With these risks in mind, I would like to call on covered entities and business associates to strengthen your organization's cyber posture in 2022.

All too often, we see that risk analyses only cover the electronic health record. I cannot underscore enough the importance of enterprise-wide risk analysis. Risk management strategies need to be comprehensive in scope. You should fully understand where all electronic protected health information (ePHI) exists across your organization – from software, to connected devices, legacy systems, and elsewhere across your network.

If you haven't looked at your risk management policies and procedures recently to prevent or mitigate these concerns, now is the time to do so. Some best practices include:

  • Maintaining offline, encrypted backups of data and regularly testing your backups;
  • Conducting regular scans to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface;
  • Regular patches and updates of software and operating systems; and
  • Training your workforce regarding phishing and other common IT attacks.

Good cyber hygiene habits help keep your network healthy and protect the ePHI on your systems. OCR is here to help with guidance and resources:

As part of the whole-of-government response to help public and private organizations defend against the rise in ransomware cases, the Cybersecurity and Infrastructure Security Agency (CISA) launched StopRansomware.gov with resources designed to help organizations understand the threat of ransomware, mitigate risk, and, in the event of an attack, know what steps to take next.

Finally, our office has issued the 2020 Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance, and the 2020 Annual Report to Congress on Breaches of Unsecured Protected Health Information. These reports highlight the continued need for regulated entities to improve compliance with the HIPAA Security Rule standards, specifically the implementation specifications for risk analysis and risk management, information system activity review, audit controls, security awareness and training, and authentication. All of these compliance concerns were identified as areas needing improvement in 2020 OCR breach investigations.

We owe it to our patients, and to the industry, to improve our cybersecurity posture in 2022 so that health information is private and secure.

Best,
Lisa J. Pino, Director, Office for Civil Rights, U.S. Department of Health and Human Services
