August 13, 2020

Have you updated your Microsoft Windows version recently? If your answer is no, you might be at a greater risk of experiencing a cyberattack. The Office for Civil Rights (OCR), in partnership with the FBI, sent out an alert just this morning regarding the increase in cyberthreats to outdated computer networks, specifically the Windows 7 operating system (OS).

Windows 7 went end of life (meaning it is no longer supported or patched by Microsoft) in January of this year. Because it is no longer monitored or supported, the OS is missing the security updates needed to continuously protect against hackers. Using the outdated system dramatically increases the risk of cyberattackers accessing your computer systems – including the sensitive patient data they house.

In their alert, the OCR expands on the various vulnerabilities that come from failing to safeguard your practice’s computer network by continuing to use Windows 7, including that:

Other factors that increase the current risk include the shift to working remotely and the less secure network connections typically used at home. It is highly recommended to upgrade any outdated computer systems as soon as possible to reduce risk. In addition to updating your operating system, ensure your anti-virus and firewalls are all up to date to best protect your devices from outside threats.

While updating core operating software may mean additional costs and resources, the OCR emphasized the importance of following their recommendation in their alert, stating that, “these challenges do not outweigh the loss of intellectual property and threats to an organization.”

While HIPAA does not specify a required operating system, meeting required technical safeguards does include keeping your systems secure and as protected as reasonably possible from cyber threats. In this case, that means having an active OS that is still receiving critical security updates.
We highly recommend protecting your critical patient information and upgrading any systems necessary as soon as possible.
What the CISA Wants You to Watch For
May 21, 2020

Cyber threats in general, but especially those affecting healthcare organizations, have been a hot topic of discussion over the past few months. Recently, the Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Office for Civil Rights, provided guidance on the most common technical vulnerabilities that have been exploited during 2020, and in particular during COVID-19. We know you’ve had a lot of information thrown your way lately, so to keep your practice up to speed and help you stay ahead of new vulnerabilities, here’s a brief overview of the bulletin’s highlights:

As organizations begin to go back to work, it’s important to know that, much like COVID-19 itself, these cyber threats won’t just go away. Properly educating your employees on good cyber hygiene, doing routine checks and updates on security safeguards, and continuing to be on the lookout for any potential threats are vital in keeping your practice protected. Certain things your practice should be implementing right away are:

For more information on the government’s guidance, along with the mitigations provided to assist in ensuring the security of your practice, view the full bulletin here.
Technical Safeguards for Cybersecurity
April 10, 2020

HIPAA has been around for quite a while – since 1996, in fact – and part of HIPAA law has always included required safeguards to secure all aspects of a medical practice’s protected information. With the rapid adoption of technology within the healthcare industry, the technical safeguards included in HIPAA law are some of the most important for practices of all sizes to implement.

Technology has enabled businesses in the healthcare industry to move operations offsite. In light of the current public health emergency, allowing access to all essential data without having to set foot in the office is vital to ensuring practices are ready to see patients after the social distancing rules are relaxed. While these advancements simplify and enhance your business operations, they have made a hacker’s job that much easier as well.

Technical safeguards are the documented strategies and solutions that practices implement to secure electronic protected health information and control access to it. These include:

When it comes to the question of which data actually needs to be safeguarded, the answer is pretty much all of it. Any data that is accessed by, sent to or received from other practices or authorized vendors needs to be protected, as does any data that carries traceable identification that can be linked to a patient. This sensitive data must be encrypted prior to sending or receiving. Encrypting data may seem like a daunting task, but at a basic level, it just means making PHI unreadable to anyone other than the intended parties.

Recent Cyber Threats Tied to COVID-19

While ensuring your practice is prepared for a cyber attack is always important, cyber threats have been headlining the news a lot lately along with the current COVID-19 health emergency. Hackers are taking advantage of this time of increased public vulnerability, as well as the increased use of technology from unsecured networks while many people are working from home.
Read up on common tactics utilized in these threats in our recent article. Over the past few weeks, including just yesterday, multiple government agencies have issued warnings regarding recent threats to cybersecurity. These attacks range from individuals posing as government officials seeking access to PHI to various other phishing and malware distribution schemes that use the current concern and fear around COVID-19 as hackers ticket into your sensitive data. Further guidance can be found in the public service announcement released by the FBI and yesterday’s bulletin from the CISA.

Hackers aren’t just attempting to play the roles of OCR investigators, or focusing on sending you phishing emails – now your video-teleconferences are at risk too. Video chat apps have become increasingly popular, whether for telehealth appointments, office meetings, or even just virtual happy hours with friends – it’s the best way to stay connected during this time of social distancing. Unfortunately, this added reliance on technology is just another way for scammers to attack.

The FBI released additional guidance on defending against video-teleconferencing (VTC) hijacking and “Zoom-bombing”, which refers to attacks directly on the increasingly popular Zoom platform. Some noteworthy tips from this guidance include making sure your virtual meetings are private by requiring a password to gain access. Keeping these meetings private means keeping them off social media or other public-facing platforms, so only provide meeting links directly to the individuals you want to be included.

These attacks on video chatting software are especially important for medical practices to be aware of, as just a few weeks ago the OCR updated their telehealth service regulations, allowing doctors to use various communication apps to diagnose and treat patients while maintaining a safe distance.
Practicing Good Cyber Hygiene

When it comes to cybersecurity, it’s important to know what to look out for, how to report any potential threats, and most importantly how to keep your practice and your patient data safe. Just yesterday, CISA, the United States Department of Homeland Security (DHS), and the United Kingdom National Cyber Security Centre (NCSC) issued a joint release featuring additional guidance on how to spot potential threats. Important tips for safeguarding your practice’s security during this time of increased risk include:

There’s a lot of good ‘cyber hygiene’ advice out there, but here are a few top tips to keep your practice operations clean:

If you have questions about technical safeguard requirements, Abyde has a team of HIPAA compliance experts ready and willing to help navigate your practice through these recent changes. If your practice is interested in learning more, sign up for one of our complimentary HIPAA compliance webinars, where we’ll discuss HIPAA & COVID-19 from the comfort of your current remote work location.