SC Practical Solutions LLC

Specialized Healthcare Consulting Services

Ransomware & Cyberthreats

Ransomware and hacking are the primary cyber-threats in health care. Over the past five years, there has been a 256% increase in large breaches reported to OCR involving hacking and a 264% increase in ransomware. In 2023, hacking accounted for 79% of the large breaches reported to OCR. The large breaches reported in 2023 affected over 134 million individuals, a 141% increase from 2022.

OCR recommends that health care providers, health plans, clearinghouses, and business associates covered by HIPAA adopt the following best practices to mitigate or prevent cyber-threats:

  • Reviewing all vendor and contractor relationships to ensure business associate agreements are in place as appropriate and address breach/security incident obligations.
  • Integrating risk analysis and risk management into business processes and ensuring that they are conducted regularly, especially when new technologies and business operations are planned.
  • Ensuring audit controls are in place to record and examine information system activity.
  • Implementing regular review of information system activity.
  • Utilizing multi-factor authentication to ensure only authorized users are accessing protected health information.
  • Encrypting protected health information to guard against unauthorized access.
  • Incorporating lessons learned from previous incidents into the overall security management process.
  • Providing training specific to the organization and job responsibilities on a regular basis, and reinforcing workforce members’ critical role in protecting privacy and security.

The resolution agreement and corrective action plan may be found at: https://www.hhs.gov/hipaa/for-professionals/compliance-enforcement/agreements/green-ridge-behavioral-health-ra-cap/index.html

The HHS Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information may be found at: https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf

If you believe that your or another person’s health information privacy or civil rights have been violated, you can file a complaint with OCR at https://www.hhs.gov/ocr/complaints/index.html

HHS has developed guidance to help covered entities and business associates better understand and respond to the threat of ransomware. The fact sheet may be found here: https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf?language=es
