Critical Steps to Help Avoid Cybersecurity Attacks
Written by Gary Salman | Florida Healthcare Law Firm   
Tuesday, 18 June 2019 16:19

Ransomware attacks are impacting the healthcare community's HIPAA security at a staggering rate. If a practice has data stolen from its network and does not report the breach to the Office for Civil Rights (OCR), it could be subject to massive fines for the lack of reporting. Specific steps must be followed to determine if ePHI (electronic protected health information) was compromised. This often involves hiring a forensics company and working with a cybersecurity company to harden the practice's infrastructure. When you are the victim of an attack once, you will most likely be a victim again because of vulnerabilities in your network that enabled the attack vector (or payload) to infiltrate your system. You cannot simply restore your data and hope for the best.
 
Many practices are unaware whether their IT vendor, imaging company, billing company and/or software vendor are following the HIPAA laws related to compliance and cybersecurity. As Business Associates, they are often required to follow the same laws as the covered entity (doctor). If your IT company has a breach or ransomware attack and it spreads from their network to yours, your records have now been compromised.

Last Updated on Tuesday, 18 June 2019 16:30