HHS guidance
PARCA
eNews – July 14, 2016 – The FBI has reported an increase in ransomware attacks
and media have reported a number of ransomware attacks on hospitals. One of the
biggest current threats to health information privacy is posed by malicious
cyber-attacks on electronic health information systems, such as through
ransomware. To help health care entities better understand and
respond to the threat of ransomware, the HHS Office for Civil Rights has released new Health
Insurance Portability and Accountability Act (HIPAA) guidance on ransomware.
The new guidance reinforces activities required by HIPAA that can help
organizations prevent, detect, contain, and respond to threats.
Highlights include:
- Conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and establishing a plan to mitigate or remediate those identified risks;
- Implementing procedures to safeguard against malicious software;
- Training authorized users on detecting malicious software and reporting such detections;
- Limiting access to ePHI to only those persons or software programs requiring access; and
- Maintaining an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups, and test restorations.
Source: HealthIT.gov