Thursday, May 23, 2019

OCR issues warning for APT and zero-day exploits

PARCA eNews – April 9, 2019 – The Office of Civil Rights (OCR) warned HIPAA covered entities about advanced persistent threat (APT) attacks and zero-day exploits in its Spring 2019 Cybersecurity Newsletter.

The newsletter points to the dangerous combination of APT and zero-day attacks that can threaten data all over the world.

As an example, the OCR pointed to the EternalBlue exploit, which targeted vulnerabilities in several Windows operating systems. Soon after the EternalBlue exploit became publicly known, the WannaCry ransomware was released and began spreading, eventually reaching hundreds of thousands of computers around the world, including the UK’s National Health Service.

To proactively protect against such attacks, the OCR pointed to the HIPAA Security Rule, which includes security measures that can reduce the impact of an APT or zero-day attack:

  • Conducting risk analyses to identify risks and vulnerabilities (See 45 CFR § 164.308(a)(1)(ii)(A));
  • Implementing a risk management process to mitigate identified risks and vulnerabilities (See 45 CFR § 164.308(a)(1)(ii)(B));
  • Regularly reviewing audit and system activity logs to identify abnormal or suspicious activity (See 45 CFR § 164.308(a)(1)(ii)(D));
  • Implementing procedures to identify and respond to security incidents (See 45 CFR § 164.308(a)(6));
  • Establishing and periodically testing contingency plans including data backup and disaster recovery plans to ensure data is backed up and recoverable (See 45 CFR § 164.308(a)(7));
  • Implementing access controls to limit access to ePHI (See 45 CFR § 164.312(a));
  • Encrypting ePHI, as appropriate, for data-at-rest and data-in-motion (See 45 CFR §§ 164.312(a)(2)(iv), (e)(2)(ii)); and
  • Implementing a security awareness and training program, including periodic security reminders and education and awareness of implemented procedures concerning malicious software protection, for all workforce members (See 45 CFR § 164.308(a)(5)).

Source: Spring 2019 OCR Cybersecurity Newsletter
