It might be tempting to become complacent in the face of repeated news reports about cyber-attacks and ransomware. Don’t. A ransomware attack is terrible but preventable.
Yesterday’s ransomware attack hit systems in Ukraine first but spread quickly across the globe and hit a hospital and a law firm located in the United States (as of the time of this writing). It may continue to spread.
In healthcare, a complete HIPAA compliance program is your best defense. HIPAA compliance instills a culture of compliance throughout your organization so everyone is working together to maintain the privacy and security of your data. Defense is not solely the IT staff’s responsibility – everyone in the workforce should be trained on cybersecurity, e.g., how to avoid phishing, the use of their personal mobile devices, and the importance of reporting things that look wrong.
The HIPAA Security Rule contingency plan is a blueprint for preparing for and recovering from a ransomware attack. It requires data backup, disaster recovery and emergency mode operation plans that enable you to resume normal operations and maintain the confidentiality, integrity and availability of your data.
What do other experts advise?
- Immediately install patches to keep your software up to date
- Back up your data – all of it – don’t forget mobile devices
- Maintain up to date anti-virus protection throughout your systems
- Train employees to remain alert and avoid phishing
The HIPAA E-Tool® has everything you need, the policies, procedures and forms, training, and a helpline to answer questions – check it out – if you already use it, refer it to others. Full HIPAA compliance is the best defense.