Understanding OCR Guidance on Ransomware

With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.

Ransomware attacks are becoming more prevalent. Research indicates that ransomware attacks have increased by 300 percent from 2015 to 2016. This pervasiveness of ransomware attacks leaves health care organizations and patients vulnerable to financial loss and invasion of privacy. Healthcare providers are a primary target of ransomware attacks. Ransomware accounted for 72 percent of all the malware attacks experienced by healthcare providers in 2016.

That is why it is more important now than ever before to protect your company's and your patients' data from these cyber-attacks. The Department of Health and Human Services Office for Civil Rights (OCR) now has guidelines under the Health Insurance Portability and Accountability Act (HIPAA) that define HIPAA's role in these cybersecurity threats. The OCR has also set guidelines for healthcare providers to follow that give direction on how to prevent and respond to these types of cyber-attacks. Here is what you should know:

How to Prevent Ransomware Attacks

HIPAA also plays an integral role in helping organizations with ransomware prevention and recovery by providing essential direction on requirements for compliance. Under the HIPAA Security Rule, the OCR requires that healthcare entities put security measures into action to prevent ransomware and other malicious software from infiltrating systems. These preventive measures include the following:

  • Enforcing threat detection and endpoint malware protection procedures to identify malware and safeguard against it
  • Training staff on how to identify and report on malicious software
  • Limiting access of electronic protected health information (ePHI) to authorized users
  • Creating and putting in action a threat management procedure that includes a detailed threat analysis plan and response to threats

Identify and Analyze

Assessing the breach is a crucial part of recovering from a ransomware attack, and health care enterprise leaders should conduct a threat analysis. Under the HIPAA Security Rule, business associates and entities covered under HIPAA are expected to administer a risk analysis that is thorough and accurate. However, the rules set forth by the OCR under HIPAA are basic. The OCR requires that the threat analysis include a comprehensive evaluation of potential vulnerabilities and risks associated with all ePHI.

Identifying ransomware attacks is a key part of preventing them, so it is crucial to know how to spot key indicators of ransomware. Some ransomware indicators include sudden, heightened disk and CPU activity, denial of access to specific files because the ransomware has encrypted them, and a user's report that a website, email link or attached file they opened turned out to be malicious.

Recovery Steps to Take

Being able to recover from ransomware attacks is essential to stay in compliance with HIPAA regulations and to protect sensitive data from being held for ransom. That is why the OCR's guidelines under HIPAA require a threat response plan that includes threat response and recovery procedures. Some steps to take include the following:

  • Immediately put the threat response procedure in action
  • Contact local authorities, such as the FBI
  • Isolate infected systems

By staying in compliance with HIPAA regulations, your healthcare organization can recover safely and at a faster pace from a ransomware attack than if your entity was not in compliance.
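Of the ransomware indicators listed under Identify and Analyze, the one a simple host-side check can look for is files whose contents have been replaced by ciphertext. The following is an added example, not part of the OCR guidance or of this article: it scans a directory for files whose bytes are near-random (high Shannon entropy) but whose extension is not a format that is dense by nature, and reports what fraction of files look encrypted. The `.locked` suffix, the `ALREADY_DENSE` list and the sample tree are constructed for the example.

```python
import math
import os
import tempfile
from collections import Counter

# Formats that are dense by nature (compressed/encrypted), so high entropy alone
# proves nothing for them; short list constructed for this example.
ALREADY_DENSE = {".zip", ".gz", ".7z", ".png", ".jpg", ".pdf"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: about 8.0 for encrypted or random data, far lower for text."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path: str, threshold: float = 7.5, sample: int = 4096) -> bool:
    """True when the first `sample` bytes are near-random and the extension is
    not one that is dense by nature (e.g. a suffix appended by ransomware)."""
    if os.path.splitext(path)[1].lower() in ALREADY_DENSE:
        return False
    with open(path, "rb") as f:
        return shannon_entropy(f.read(sample)) >= threshold

def scan_directory(root: str, threshold: float = 7.5):
    """Return (flagged_paths, fraction_flagged) over regular files under root;
    a fraction that jumps suddenly is the file-system view of the article's
    'denied access to encrypted files' indicator."""
    flagged, total = [], 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            total += 1
            if looks_encrypted(path, threshold):
                flagged.append(path)
    return flagged, (len(flagged) / total if total else 0.0)

def build_sample_tree() -> str:
    """Constructed sample: two readable documents plus two 'encrypted' copies
    carrying a hypothetical .locked suffix (random bytes stand in for ciphertext)."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "wb") as f:
        f.write(b"Patient visit summary, follow-up in two weeks.\n" * 60)
    with open(os.path.join(root, "claims.csv"), "wb") as f:
        f.write(b"id,amount,date\n1,120.00,2016-01-01\n" * 100)
    for name in ("notes.txt.locked", "claims.csv.locked"):
        with open(os.path.join(root, name), "wb") as f:
            f.write(os.urandom(4096))
    return root
```

Running `scan_directory(build_sample_tree())` flags only the two `.locked` files (half of the tree); in practice the check belongs on a schedule or a file-change trigger so a sudden rise in the flagged fraction can be alerted on.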

How to Manage Breach Notification

When your health care organization experiences a breach of data due to a ransomware attack, it is important to follow the guidelines that HIPAA has set in place to stay in compliance. Responding to breaches requires reporting them as they occur; however, before reporting a breach, it is key to evaluate whether the incident warrants a report.

According to the OCR guidelines, a breach is defined as an event that involves an unauthorized disclosure. For example, a breach happens when unauthorized persons take control of the sensitive data in the ePHI.

When a breach occurs, health care entities are required to report the breach. The report should be thorough and include the incident's scope, noting the infected applications, networks and systems. Health care organizations should also know the incident's origin, such as who created it and where it initially came from, as well as understand the methods of attack used. The report should also state whether the incident is ongoing or has ended.

On the other hand, if your organization can prove that there was a low probability that ePHI was compromised, reporting may not be required. This may include providing proof of whether or not sensitive data was actually viewed and acquired.

Final Thoughts

Ransomware attacks can adversely impact healthcare providers, and they do not seem to be slowing down. That is why endpoint protection and detection should be a key part of your security threat management procedure. By putting these measures in place and staying in compliance with HIPAA regulations, your healthcare entity can be better prepared for ransomware attacks, including being able to respond to them and recover from them at a faster rate.
