An Analysis of Cybersecurity Practices in the Healthcare Industry

Humans or HIPAA?

When it comes to healthcare organizations addressing the HIPAA compliance of their business, many feel prepared and comfortable, readily checking that “compliant” box. But addressing the human part of security falls by the wayside too often.  Compliance and cybersecurity, which includes human security, both need to be a part of your overall strategic plan.

“If I have security, I’m ok with compliance, right?”  No, but you’re not alone in assuming that addressing one will take care of the other.  It is an easy mistake to make, and one that many healthcare businesses too often make.  Compliance and cybersecurity work together to keep you up, running and protected from a technical and federal regulations standpoint, but address different components.

When This Doesn’t Mean That

HIPAA compliance will take care of the laws and regulations that you need to adhere to.  Cybersecurity addresses the gaps or weaknesses in a business that makes that entity vulnerable to hackers.  If a breach occurs, your HIPAA compliance will be addressed by government agencies to make sure you were in accordance, and this will protect you legally in some respects.  So, in this regard, they work together to protect you, but cybersecurity must be your first line of defense.

With an increased value being put on healthcare data by cybercriminals, the target gets bigger every day on the business’s back.  Right alongside those increased values is the matching rise in the number of data breaches each year.  Healthcare data is sold for 10-20 times that of stolen credit card numbers, so where do you think hackers are focusing?  Just like most businesses, they go where the money is.  To add to the damage being done, they are not just focused on data theft, but also overall disruption to the business with targeted employee attacks.

Healthcare must begin to look at cybersecurity with the same reverence that they hold HIPAA compliance in.  Protecting your business and patient data should be an effort that combines both strategies.  If your IT provider isn’t discussing this with you, it doesn’t mean that they aren’t doing it already, but don’t assume. Ask questions, work together and make a plan that secures your business as a whole, not just segments of it.

 

The post Compliance & Cybersecurity Go Hand-In-Hand appeared first on HIPAA Secure Now!.

Remain Calm, Remain Honest – and Remain in Business

Avoiding the inevitable does not make it go away.

Healthcare patients choose a provider based on the quality of care.  In addition to that, the public will generally assume that their private information is safeguarded and not something that they need to verify or investigate before choosing that specific provider.  By alerting them to something they assumed to be a non-issue, it is understandable to be concerned about the loss of business.  However, credit reporting agency Experian has recently found that this churn can be kept to a minimum with the proper response plan.

In July 2019, Experian surveyed 1,000 adults in the United States and found that 90% of those surveyed would be somewhat forgiving if they were informed promptly as a result of an organized communication plan being in place by their provider.  Previous studies by Experian identify numbers that are more of a red flag to all parties.

It is in these studies that they found that only 34% of all breached response plans include some form of customer notification and that those plans are in place for only 52% of companies.  So, the few that are ideally prepared have a greater chance of survival, and those who aren’t prepared have a full stack of odds against them.

How Can the Risks Be Lowered?

Have a breach response plan in place.  This should be created by someone who knows their way around a breach and is ideally certified to assist with creating such a plan.  Additionally, have cyber insurance as part of your in-place plan.  This will allow you to call upon experts in the event that a (very likely) breach does occur.  And as we identified above, ensure that your breach plan includes client communication.

Even if you don’t have all of the answers immediately, letting them know that you are aware of the breach and will keep them updated will go a long way.  This increases the trust between you and your patients and makes it more likely that they will stay with your business following an incident.

66% of those surveyed would leave a practice due to slow or poor communication – don’t let this happen to your organization. It is better to be truthful up front than have to explain why you were dishonest in the past. People can accept mistakes, but they are less likely to accept being deceived.

The post Does Your Breach Response Plan Include Notification? appeared first on HIPAA Secure Now!.

 

A Toothache Beyond Repair

Hackers have used the very software that hundreds of dentists relied on to run their business, to bring it to their knees.  A ransomware attack is responsible for shutting down computers at roughly 400 dental offices all over the U.S. The Digital Dental Record and Wisconsin-based cloud services provider, PerCSoft collaborated on DDS Safe, which was used by US-based dental practice offices in the US for medical record retention and backup.  Cybercriminals deployed REvil (Sodinokibi) ransomware via this application to demand monies and regain access to their files.

As of today, we know that some companies did opt to pay the ransom while others wait for a decrypter to recover their encrypted files. The process has been slow, and some offices are finding it isn’t working at all.

REvil (Sodinokibi) ransomware is one of the most active and widespread ransomware strains seen this year, and this is the second time it has happened this summer.  Earlier in June, a group yet to be named, was breached using the same strain.

Follow Up

While Digital Dental Record learned of the breach on August 26th, and immediate action was taken, even a quick response couldn’t save the offices that were already infected.

This means that those offices are unable to run effectively while this situation is remedied, and some may run the risk of never fully recovering.

The Wisconsin Dental Association issued a statement confirming that DDS Safe remains a “WDA endorsed product” and that they are aware of the breach.

This likely isn’t the last story we’ll hear about a medical breach this week.  Numbers continue to rise, including the risk percentage that all providers face.  We must continue to educate ourselves on how to be proactive and not reactive as cybercrime is now an ongoing occurrence.

And above all, we need to acknowledge that even our best efforts do not remove the risk of others being less diligent in their practice of cybersecurity.

The post Ransomware Hits Hundreds of Dental Offices appeared first on HIPAA Secure Now!.

 

It’s a Fact

When you search for cyberattacks by vertical, always in the top categories is healthcare.  It can be filtered from there by the size of the business, whether it is enterprise or small to medium-sized establishments, but the information targeted is patient data.

Why?

Because who knows more personal information about you than your doctor?  Likely, no one.  And if that data can be accessed, it can be like opening a treasure chest of data to a hacker.  So many ways to manipulate that data, it can be an endless source of income via ransomware or sales on the dark web.

Back for More

With outdated and unsupported systems allowing easy access for hackers, the amount of PHI uncovered in a simple breach makes it a jackpot find.  Not only are technical security gaps an easy entrance for cybercriminals into healthcare organizations, but poor employee cyber-hygiene makes it incredibly easy for hackers to find their way in. Once these databases go for sale on the dark web, they are then used AGAIN by other cybercriminals for a second round of attacking whether it be by selling the patient data or using administrative credentials to login and hit the network with another breach.

This activity is not limited to US-based hackers either.  Foreign-based hackers have been found to target US healthcare networks in an attempt to blackmail them, as well as gain access to research data.  Not only does this pose a threat to the patient data, but to the United States medical industry in a different way.  If advances in treatment, prescription solutions, or any type of research is stolen and credited to another business entity or country, US-based businesses will suffer that loss financially or from lack of recognition.

What’s the Remedy?

Raising awareness, updating equipment, networks, software, etc. and addressing the risk of biomedical devices before they are in place – all are necessary.  We also need to continually address the human factor within healthcare organizations as it is proven time and time again that this poses one of the highest risks to any breach occurring.

The post Repeat Offender appeared first on HIPAA Secure Now!.

 

As many of you know, an Electronic Health Record (EHR) is a digital record of a patient’s paper charts, updated in real-time.  This is an incredible option to have in the world of medicine, where information can be exchanged between doctors as well as business associates. It also provides an incredible benefit to the patient, giving them the best and most appropriate care when needed.

Overall, it really is a great thing to have so much information at your fingertips.  Unless that information gets into the wrong hands.  Which is exactly what happened to Allscripts Healthcare, an EHR company used by a variety of businesses in the medical field, including

hospitals, pharmacies and emergency service (ambulance) centers around the world.

Today Allscripts is working with the Department of Justice to pay $145 million in a preliminary settlement in response to an attack that exposed patient records which were thought to be safe in the cloud.   They were in violation of HIPAA, the HITECH Act’s EHR incentive program, and the Anti-Kickback Statute related to Practice Fusion – which was the company acquired by Allscripts in 2018.  This settlement will resolve both companies of all criminal and civil liability related to the investigation surrounding them both.

Unfortunately, they aren’t alone.  With the human component being the big risk factor in any organization, healthcare employs many, many people with patient access.  Each record is a gold mine for hackers, and therefore even one mistake can prove costly to an organization like we’re seeing with Allscripts.

How do we remedy this?  The first and most important step is to cover your assets. Cyber Insurance is going to increase your likelihood of surviving a breach, but once you have the end protection setup, get your employees trained.  And then repeat the training.  Conduct Security Risk Assessments at least annually, not only to comply with HIPAA but to identify security gaps which could leave your organization’s data up for grabs. Then, perform a vulnerability scan and find out if your system is as secure as you hope and believe.

Protection and prevention go hand in hand and in the world of healthcare, you can never have enough.

The post Allscripts to Pay $145 Million for Practice Fusion EHR Investigation appeared first on HIPAA Secure Now!.

 

We’re just passed the midway point of the year and if this were our own health report, we’d be failing miserably when it comes to data breach prevention.

According to a recent report from Protenus and Databreaches.net, over 31 million healthcare records were breached in the first six months of 2019.  That is double the amount of 2018.

The information in these breaches was not caught and remediated quickly either.  Patient data was ‘for sale’ and available for manipulation on the dark web for months before being discovered in the American Medical Collection Agency breach.  With a confirmed 20 million records having been affected, the fallout from that will reveal itself in all of the days and months ahead – if not years.

So how did we get here?

Some of these were insider jobs – in fact, 60 of the incidents were a result of that. That means that over 3 million records were exposed because of existing employees.  These aren’t the hackers lurking on the dark web or in airports stealing your Wi-Fi, these are KNOWN actors in a business.  Hacking accounted for 60% of all incidents.  This means that out of 168 data breaches, phishing took down 88 businesses, with ransomware and malware being deployed at 27 of those.

The statistics are staggering, but what is also something to take note of – aside from the revelation that insiders are putting your business at risk – is that it’s not direct healthcare entities that are always responsible.  Yes, providers reported 72% of the breaches, but it was also health plans and business associates that are contributing to the overall numbers.

What does this mean?

It means that we can stand by and watch the numbers continue to elevate, the rate of increase continues to double and triple, or we can rework our approach, attack and react.  We’ve said it before, but every business owner – regardless of the vertical or channel in which they operate, need to say, “It is no longer an option of IF I’m part of a breach, but a matter of WHEN I’m part of a breach.”  Second to this must be the integration of cyber insurance into a business’s arsenal.  Surviving the breach is one thing, but thriving afterward and even during a breach, is another.

The post Halfway Health Check appeared first on HIPAA Secure Now!.

Computer network security

This isn’t something you can pencil in and get to when you have time, cyber maintenance has to be something you commit to. We all have those moments when we realize that we had the best intentions to stick with something, but its priority fell by the wayside. We start off strong, then taper off until we forget completely.

When it comes to your cybersecurity, there isn’t a shortcut or short-term guide to safeguarding your information and identity, so taking time to address it is not only necessary, it is going to pay off in the long run.

Sharpie this in

Book time on your calendar in the way you would for personal or home maintenance.  You schedule haircuts and change the batteries in smoke detectors, so consider establishing the same type of habits when it comes to your online information.

Take this time to update passwords, ensure that your software is all updated to the latest version and that you have two-factor authentications enabled where it is an option.  Call your credit card companies and ask about their security policy – and do they have methods in place to protect you from being hacked?  Enabling alerts on purchases and payments via text or email will help you to tackle any issues immediately rather than long after the damage has been done.

The bottom line is that you need to take time out of your schedule to deal with this. It’s not always convenient and it’s not always what you feel like doing, but you need to make it as much as a priority as any other maintenance in your life.

The post Make Time for Cybersecurity appeared first on HIPAA Secure Now!.

Cyberwarfare

 

In 2018, 71% of ransomware attacks targeted small businesses, according to a report by Beazley Breach Response Services. It’s clear that small businesses are a cybercriminals favorite target, yet many remain unprepared to handle a cyber-attack.

Is it that small businesses don’t care about cybersecurity?

It wouldn’t be fair to make that assumption; however, small businesses do often overlook cybersecurity concerns. This could be the result of many different things. For example, small businesses often do not have the resources to dedicate to cybersecurity. In fact, some of those businesses don’t have a dedicated IT individual/company at all. In some instances, small businesses may be carrying the “it won’t happen to me mentality” – despite plenty of statistics stating that small businesses are the most susceptible to a cyber-attack. And then there is the complexity of the topic. Many organizations don’t understand cybersecurity. Mix the lack of understanding with the other reasons that cybersecurity is often overlooked, it’s easy for small businesses to put it on the back burner and forget about it.

Out of sight, out of mind

Another reason it’s hard to get organizations to care about cybersecurity is that “if they can’t see it, it isn’t there”. It’s easy to take physical security of your organization seriously. You know that you must lock the office door when you leave, or that leaving medication unlocked and unsupervised could lead to its disappearance.

Unfortunately, cybersecurity doesn’t work the same way. Organizations can be told about cybersecurity risks and best practices, but not being able to physically see the danger makes it difficult to care or prioritize those safeguards above others. Think about it, you’ve used the same password for everything, for years. It’s not a difficult password so it’s easy for you to remember. You’ve heard that complex passwords are important, and you know you should never use the same password across multiple accounts, but you’ve been doing this for years and nothing bad has happened, so it’s probably not a concern for you. Cybersecurity is often out of sight, out of mind.

Healthcare organizations are especially vulnerable

The healthcare industry is the most targeted industry by cybercriminals. Many of the reasons for this are the same reasons that attackers target small businesses. Healthcare organizations also see a lot of turnover, which could translate to cybercriminals as new employees to target, many of which, may not be properly trained.

The value of healthcare data to a cybercriminal is also unparalleled. Medical records bring in big bucks on the dark web, allowing these attackers to see large returns for even just one successful attack.

Don’t wait till it’s too late

The worst mistake you can make is to think you’re not at risk, or not think cybersecurity is a high enough priority to do something about it. Small businesses need to take what we’ve learned about cybercriminals targeting them as a warning and act before they too become another statistic.

Cybersecurity tips

1. Recognize You’re a Target – First and foremost, you must accept that you are a target for cybercriminals. Every organization, small or large is a target and no industry is off limits. If cybercriminals see value in attacking your organization, they will.

2. Security Risk Assessment – It’s important to understand where your organization’s security gaps are. Perform a Risk Assessment to determine what safeguards should be in place but are not. For example, policies, data backup procedures, inactivity timers on your computers, etc.

3. Security Awareness Training – Employees must be trained on cybersecurity and understand how to spot malicious attempts made by cybercriminals. Employees should know how to spot a phishing email and the dangers of clicking attachments or URLs within emails, as these are common methods for a hacker to get in.

4. Complex Passwords – Passwords must be complex, reasonably long (at least 10 characters), and different across all accounts. Simple passwords can easily be cracked by cybercriminals through a brute-force attack, putting your entire organization at risk. Using repeat passwords across various accounts is also dangerous since one compromised password could give a hacker access to all your accounts.

5. Use a Password Manager – Managing several difficult passwords can be a difficult task, but password security should not be compromised for convenience. Using a password manager is a great way to ensure all passwords are secure. The best part is, you only need to remember one master password.

6. Enable Two-Factor Authentication – Sometimes referred to as 2FA, or multi-factor authentication, two-factor authentication is another layer of security for accessing your accounts, aside from you entering your credentials. 2FA requires a second form of authentication for you to successfully log in. For example, you may have to enter a 6-digit code sent to you via a text message to prove it is really you who is trying to log in.

7. Perform Updates – Ensure your software is being updated when updates become available. Software updates are often issued to fix a vulnerability found in the software. Not performing updates can often leave you susceptible to attacks that could have been prevented.

8. Regularly Backup Your Data – Do not underestimate the importance of routinely backing up your data. A cyber-attack could occur at any minute, and when it does, your data could be at risk. If your data becomes inaccessible or corrupt, through a ransomware attack, for example, you’ll need to be able to get that data another way – from your backups.

9. Audit accounts for suspicious activity – Make sure you’re performing audits on your systems. For example, if you have an EHR, you should be auditing it regularly looking for unusual activity, such as logins after hours, users accessing abnormal amounts of medical records. If inappropriate activity is occurring, the quicker you catch it the better off you’ll be.

10. Cyber Insurance – As cybercriminals continue to become more sophisticated, attacks will continue to occur. It’s no longer a matter of if your organization will be attacked, but when. Security incidents are incredibly costly, sometimes putting organizations out of business. Costs could include a breach coach, forensics, breach notification, credit monitoring, crisis management, and more. Verify that your organization has cyber insurance (this coverage is often not included in your standard policy) to protect you in the event of a security incident.

The post 10 Cybersecurity Tips for Small Businesses appeared first on HIPAA Secure Now!.

dark web

 

Approximately 25,000 patients are being notified by Adirondack Health that their protected health information (PHI) may have been obtained by a hacker.

Vermont-based Adirondack Health is part of the Adirondacks Accountable Care Organization (ACO). Adirondacks ACO analyses health data for the entire region and is made up of all the Adirondack region’s hospitals.

The Breach

On March 4, 2019, it was discovered that an unauthorized individual had accessed an employee’s email account for two days. After discovering the unauthorized access, Adirondacks ACO began checking every email and attachment in the affected employee’s account, looking for any PHI that may have been accessed.

Adirondacks ACO discovered that two employees had been discussing information regarding patients who had missed a baby wellness exam and other screenings, as part of their population health analysis. The employees were planning to send the information, contained in a “gap-in-care” spreadsheet, to providers so they could determine how to contact their patients.

That’s when an unauthorized individual from outside the U.S. remotely obtained access to the email account. At this time, no evidence suggests that the email was opened by the unauthorized party, however, the possibility could not be ruled out.

The Exposure

The unauthorized access was not due to a phishing attack, and a spokesperson for Adirondack Health stated he does not believe the employee could have avoided it. The spokesperson also stated that policies are being changed as a result of the incident.

Information contained in the exposed spreadsheet includes patients’ names, dates of birth, Medicare ID numbers, health insurance member numbers, as well as limited treatment and/or clinical information. Some patients also had their Social Security numbers listed.

Adirondacks ACO began notifying patients of the breach in early July. 25,000 letters of notification have been sent to affected patients, with only a few remaining.

For patients who had their Social Security numbers listed on the spreadsheet, free credit monitoring and identity protection will be provided by Adirondacks ACO.

The post 25,000 Patients’ Data Exposed in Email Hack appeared first on HIPAA Secure Now!.

Adirondacks Accountable Care Organization

A recent report by KLAS and CHIME looked at the cybersecurity practices of healthcare providers, based on recent guidance issued on cybersecurity practices in the healthcare industry. The results? Although some best practices seem to be on the radars of organizations of all sizes, overall findings suggest that small practices have some work to do.

In their white paper, KLAS and CHIME look at a document recently released by the 405(d) Task Group, which was put together by the Department of Health and Human Services (HHS) following the Cybersecurity Act of 2015. The document “Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients” (HICP), outlines 10 cybersecurity practices that organizations should focus their attention on.  Remember, don’t just take your IT service providers word for it, if your practice is “ALL GOOD” or not, I have heard it all before later to find out different.  Have your practice assessed by an outside company. This is the only true way to know where you stand, and know how resilient you are against business interruptions regardless if is a cyber attack or system outage.  You NEED to know so you can be prepared.  This is call a Business Impact Analysis, this is not something that IT service providers do so seek to have it done by a third-party professional.

10 Cybersecurity Practices

  1. Email Protection Systems
  2. Endpoint Protection Systems
  3. Access Management
  4. Data Protection and Loss Prevention
  5. Asset Management
  6. Network Management
  7. Vulnerability Management
  8. Incident Response
  9. Medical Device Security
  10. Cybersecurity Policies

KLAS and CHIME used responses from over 600 providers gathered in the 2018 Healthcare’s Most Wired survey to assess how healthcare providers are doing in their adoption of these cybersecurity best practices.

How are organizations doing with their adoption of cybersecurity practices and how can you improve yours?

Below are the key findings laid out by KLAS and CHIME on how organizations are doing with the 10 cybersecurity practices recommended by the Task Group.

  1. Email Protection Systems – Practices of all sizes seem to be doing well with their email protection, with most organizations having deployed email protection systems.
  • Are you protecting your email? Email protection includes filtering and encryption services to help keep attackers out. With email being the most common attack vector, email protection is critical, but only one component of keeping attackers at bay when it comes to email threats.
  1. Endpoint Protection Systems – Similar to email protections, practices of all sizes are also doing well with deploying endpoint protection systems. It is worth noting however, that 20% of small organizations have not implemented an intrusion-detection and prevention system (IDPS), an important first line of defense in protecting endpoints.
  • Are you protecting your endpoints? With mobility becoming more common in the workplace, it’s critical to ensure that ALL endpoints are properly protected. Endpoint protection includes antivirus, encryption, mobile device management (MDM), and more.
  1. Access Management – Most organizations acknowledged that they have adopted access management policies, however, less than half of small organizations have implemented multifactor authentication (MFA). There has been little adoption for adaptive/risk-based authentication for organizations of all sizes.
  • Are you managing access? Managing user access is critical, especially in the healthcare industry. As cybercriminals continue to target the healthcare industry, they will continue trying to crack employees’ credentials, send phishing emails, etc. It is important to make it difficult for attackers to get in, thus implementing controls like MFA is critical.
  1. Data Protection and Loss Prevention – Data loss prevention (DLP) tools are in place for most organizations, including 70% of small organizations. All organizations stated that they back up their data, however, the majority do so offsite rather than in the cloud.
  • Are you addressing data protection and loss prevention? Patient data must be shared securely, meaning that data must always be protected including at rest, in use, and in motion. Policies and procedures should be in place to address this process, which is a basis for DLP. Encrypting your data and ensuring you have backups available is essential for businesses of all sizes.
  1. Asset Management -The survey collected little information when it comes to how organizations are managing their assets, however, almost all respondents said they are properly disposing of devices with PHI.
  • Are you managing your assets? Knowing what devices are used within your organization is extremely important, however simply tracking what devices you purchased is no longer enough. Organizations should know what operating system their devices are running, MAC and IP addresses, locations, patching information and more. Policies should be in place that outline how you’re managing assets, including how you’re properly disposing of them when the time comes.
  1. Network Management – Nearly all organizations have network access controls (NAC) to monitor devices that are connected to the network. Organizations are doing well with firewalls and device security, which are widespread, however less than half of small organizations reported having their networks segmented.
  • Are you managing your networks? Managing your network is incredibly important at keeping cybercriminals out. It is absolutely necessary for all organizations regardless of size to have their networks properly segmented, that way if an attack were to occur it would not spread to the entire network. In addition, protecting your network with firewalls and device security should be a top priority.
  1. Vulnerability Management – 90% of large organizations running vulnerability scans at least quarterly, while 60% of small and medium-sized businesses are. Despite the Task Group recommending large organizations run penetration tests, small organizations are more likely to do so. Some small organizations reported that resource constraints prevent them from involving multiple business units in their remediation.
  • Are you managing your vulnerabilities? Vulnerability scans will look for and identify vulnerabilities found within your organization. Adding in penetration testing through internal or external teams will also help you with your vulnerability management, allowing for a deeper look at your vulnerabilities. Policies should be implemented so that after you have conducted a vulnerability scan, you will be prepared to prioritize and remediate the identified vulnerabilities.
  1. Incident Response – Most organizations have an incident response plan in place, however only half of them conduct an annual enterprise-wide test to see if that plan is successful.
  • Do you have an incident response plan? Having an incident response plan is yet another critical cybersecurity practice for organizations of all sizes. This plan should include policies and procedures for handling an incident, quickly and efficiently isolating and mitigating security events, how to handle breach notifications, etc. In addition to having an incident response plan in place, it should be tested at least annually to verify that the plan works the way you intend it to.
  1. Medical Device Security – Medical device security was found to be a top security concern for survey respondents due to the challenges that are present with them, like their potential to be breached and put patient safety at risk. The top two security struggles identified with medical devices include out-of-date operating systems that cannot be patched and a lack of inventory of assets due to a large number of devices that need to be secured.
  • Are you securing medical devices? Although it may be easier for small organizations to secure their medical devices due to a lower volume of devices and strong policies for doing so, organizations of all sizes should make this a priority. While difficult to do so, do your best to keep an inventory of your medical devices and verify that the list is current. If a vulnerability is known for a device and you are aware of that device and its location, you can begin addressing that vulnerability.
  1. Cybersecurity Policies – Small organizations are less likely to have cybersecurity policies in place, such as dedicating an individual to be the chief information security officer (CISO), or a bring-your-own-device (BYOD) policy.
  • Do you have your cybersecurity policies in place? A strong cybersecurity program includes policies and technology to support them. Don’t overlook the importance of implementing cybersecurity policies. KLAS and CHIME state, “While various policies underly each of the previous nine cybersecurity practices, organizations’ overall security policies should include the following elements: proper classification of data; definition of roles and responsibilities within the organization (including proper governance); employee education; definition of acceptable data and tool usage; definition of proper use of personal and employer-provided devices; and creation of a cyber attack response plan.”

Although not all cybersecurity best practices are being ignored in the healthcare industry, it is safe to say that there is work to be done, especially within smaller organizations.

Remember, it’s not only the government and your state of compliance you need to worry about, it’s cybercriminals too.

For more information regarding the cybersecurity best practice guidance, put together by the Department of Health and Human Services, check out this recent webinar!

Or if you need help implementing these measures contact Sentree Systems, Corp. We have the expertise to get your practice inline before it’s too late.  317-939-3282 or sentree_support@sentreesystems.com or for more information and tips on what you can do download our FREE report on how to minimize your risk of Ransomware attacks.

The post An Analysis of Cybersecurity Practices in the Healthcare Industry appeared first on HIPAA Secure Now!.

Is Your COMPANY's Data on the Dark Web, Find out TODAY!!!

GET YOUR FREE DARK WEB SCAN TODAY!!!

Copyright © 2015 - 2018 Sentree Systems, Corp.. All rights reserved.

Sentree Systems, Corp. | 6137 Crawfordsville Rd Ste F #177 Indianapolis, IN 46224 | 317-939-3282