Health and Human Services Ransomware Guidelines
According to a report from the Ponemon Institute, the biggest threats facing the healthcare industry are denial-of-service attacks, malware, and, of course, ransomware. As a result, the US Department of Health and Human Services Office for Civil Rights (OCR) is coming up with guidelines to help hospitals and other organizations better protect themselves from ransomware and deal with cyberattacks when they do occur.
There is some debate over whether ransomware attacks are technically considered a breach; consequently, healthcare organizations have not been reporting them as such. Part of the new OCR guidance looks to define when a ransomware attack meets the criteria of a breach and therefore requires healthcare organizations to notify patients and the OCR.
Unfortunately, the guidelines put out by the OCR will likely be recommendations that healthcare organizations have already heard and have chosen to ignore, either to cut costs or because they mistakenly believe their insurance will cover the losses from a ransomware attack. Most hospitals do not have a digital strategist at the executive level, and over a third don’t have a chief information security officer. Those that do typically do so in name only. The information and technology needed to protect themselves already exist; most healthcare organizations simply refuse to take some of the most basic steps to protect themselves and their patients.
To better protect yourself or your organization from ransomware, download the free Ransom Protection Checklist or sign up to receive it by mail. If you find that you might be at risk, schedule a free 10-minute Ransomware Safety Review.