Missing the HIPAA Target – Part 5 and Last of the Series

In this series I have tried to capture key steps to enable successful implementation of critical HIPAA elements.   Right or wrong, HIPAA has become the recipe for cybersecurity for healthcare.  But because of the legacy of HIPAA, the majority of providers do not take it seriously.  If you are not taking cybersecurity seriously, you are heading for a train wreck! This series has emphasized: Being risk management proficient rather than being a "HIPAA Expert". Being accountable, which means ...

Phishing with Ransomware – Don’t take the bait!

Phishing is a hacking technique that uses phony emails to trick users into revealing sensitive account information (e.g., account password) and/or installing malicious software (“malware”). With ransomware hogging the headlines, non-technical staff may have gotten the impression that the phishing threat is over. News flash – 97% of phishing messages now act as carriers for ransomware!  (Barkly Stats & Trends) Aaghh! So now, it’s more important than ever that staff be trained to anticipa ...

Closing the Cybersecurity Gap

As we hear more and more about breaches and ransomware in businesses and especially healthcare, it is becoming an even greater concern for healthcare business owners. It is no longer if you will be attacked, but when and how often. The first step in closing the cybersecurity gap is to realize that you can't do it on your own. Cybersecurity is not finding your basic "IT guy" that "can fix it". It is about obtaining the right resource whether that is a full time hire or a managed service. The next thin ...

What to do if you are a Ransomware victim – latest guidance from HHS

In an earlier post, Clint Eschberger explained that the Best Defense Against Ransomware is a Good Backup. So hopefully your backups are in order - multiple, off-site, and tested. In addition to your internal processes for getting your organization back online, the HHS just issued the following guidance for reporting ransomware incidents and obtaining guidance. If  your organization is the victim of a ransomware attack, HHS recommends the following steps: Please contact your FBI Field Office ...

Missing the HIPAA Target – Part 4

In my first blog of this series, I stated that the intent of HIPAA was not to make you an expert on regulations, but to guide you to be risk management proficient, which is the ability to recognize threats and risks to your practice and manage them to eliminate or minimize their impact.  The next installment was accountability; taking ownership and delivering verifiable results.  This was followed by the importance of training.  What is the next? Well, you need to know how to identify risks and th ...

Care Disruption – The Ultimate Security Risk

We in the cybersecurity and HIPAA compliance communities talk a lot about breaches and fines and total costs of breach remediation - yadda, yadda, yadda. All non-trivial realities to be sure, but when the WannaCry ransomware attack paralyzed hospitals and physician practices and pharmacies and surgery centers around the globe, I was thinking about the members of the care team. Elective surgeries can be postponed and lots of routine wellness services, such as eye exams and hearing tests and school physic ...

Buckle Up, It’s Going to be a Wild Cyber Ride!

Breathing a sigh of relief that the WannaCry ransomware attack didn’t hit your organization?  Thinking you’ve dodged that bullet?  Well, think again!  If trends are any indication, and they typically are, I think it’s going to get a lot bumpier.  Below are some incidents that lead me to to this conclusion.  So, buckle up and hold on tight! January 2015 – Largest Single Healthcare Breach - Anthem Insurance breach affecting over 80 million people.  Investigations point to state sponsored cybe ...