
Enterprise IT Context for the CTO

Bob Gourley




HIPAA and Ransomware in the Healthcare Sector: “Your PHI or your life”


The threat of ransomware is hitting every sector of the economy. But the biggest, most dangerous and disastrous attacks have been occurring in the more lightly defended parts of industry and government. Healthcare has been especially hard hit.

The U.S. Department of Health and Human Services (HHS) is seeking to change this situation by issuing new guidance. Preventing ransomware is now more clearly expected for HIPAA compliance.

From an HHS blog post:

To help health care entities better understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new Health Insurance Portability and Accountability Act (HIPAA) guidance on ransomware. The new guidance reinforces activities required by HIPAA that can help organizations prevent, detect, contain, and respond to threats, including:

  • Conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and establishing a plan to mitigate or remediate those identified risks;
  • Implementing procedures to safeguard against malicious software;
  • Training authorized users on detecting malicious software and reporting such detections;
  • Limiting access to ePHI to only those persons or software programs requiring access; and
  • Maintaining an overall contingency plan that includes disaster recovery, emergency operations, frequent data backups, and test restorations.

More details are provided in a PDF sheet on the HHS website:

http://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf


Bob Gourley writes on enterprise IT. He is a founder and partner at Cognitio Corp and publisher of CTOvision.com.