Recently The HHS Office for Civil Rights (OCR) shared a comprehensive list of resources for any HIPAA-regulated entity to assist them in the prevention, detection, and mitigation of data breaches of protected health information that occurs because of hacking or ransomware.
As a covered entity or business associate under HIPAA compliance, an attack on your business may expose unsecured protected health information (PHI). Under the HIPAA Breach Notification Rule, there are reporting requirements that you must adhere to.
HIPAA Secure Now can help you to mitigate the rising risk of a cybersecurity breach, as well as maintain HIPAA compliance. Not sure if you’re covered? We can help you to uncover any gaps in your business structure.
This section contains briefs that outline individual threats in detail.
HHS Health Sector Cybersecurity Coordination Center Threat Briefs
A summary page can be found here.
HHS Resources on Section 405(d) of the Cybersecurity Act of 2015:
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx
- Cybersecurity Reports and Tools https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx
- Ransomware https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
- Risk Analysis
HHS Security Risk Assessment Tool:
CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches:
CISA Ransomware Guide:
FBI Ransomware Resources:
OCR Cybersecurity Newsletters:
- Making a List and Checking it Twice: HIPAA and IT Asset Inventories (Summer 2020 Cybersecurity newsletter): https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-summer-2020/index.html
- What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware (Fall 2019 Cybersecurity Newsletter):https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-fall-2019/index.html
- Phishing (February 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-february-2018.pdf
- Plan A… B… Contingency Plan! (March 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/march-2018-ocr-cyber-newsletter-contingency-planning.pdf
- Cybersecurity Incidents will happen… Remember to Plan, Respond, and Report! (May 2017 Cybersecurity newsletter): https://www.hhs.gov/sites/default/files/may-2017-ocr-cyber-newsletter.pdf
For more information on our HIPAA compliance and cybersecurity programs, visit here.