Ever receive an email from a self-proclaimed prince from outside the US claiming that you’re the heir to their fortune if you just click here? It’s hard to believe that individuals face cyber attacks when less-than-menacing emails like that pop up in inboxes all the time. However, the reality is that cyber attacks occur frequently, especially against large institutions, where there is more to lose. These adversaries frequently deploy ransomware, which often forces small, easily hackable businesses and large, lucrative businesses alike to pay a ransom to release or decrypt stolen data.
The U.S. Department of Health and Human Services (HHS) has published a fact sheet defining ransomware while offering suggestions to healthcare providers to avoid having information stolen. HHS describes the most distinguishing feature of ransomware this way:
“its defining characteristic is that it attempts to deny access to a user’s data, usually by encrypting the data with a key known only to the hacker who deployed the malware, until a ransom is paid.”
In the fact sheet, HHS also made several recommendations to prevent ransomware through a security management protocol:
- Start a security management process
- Determine the method implemented to detect bad software
- Train employees to recognize signs of malicious software
- Only give PHI access to limited personnel
Because information stolen from a healthcare provider may be Protected Health Information (PHI), its theft may result in a large HIPAA violation fine. It is essential for healthcare providers to protect patient information from those with malicious intent. Furthermore, HHS takes these violations very seriously; however, healthcare providers can recover from or prevent these costly fines by following HIPAA recommendations and insulating staff from attacks.
For more information about healthcare compliance, visit our website. We offer an assortment of courses on HIPAA protections for all healthcare personnel. Healthcare compliance is our priority; get compliant today!