
This year, we’ve seen an influx of healthcare cyberattacks where threat actors have stolen large volumes of electronic protected health information (ePHI) and personally identifiable information (PII). It’s a familiar problem: the healthcare sector lost more than $20 billion in 2020 as the result of ransomware attacks alone. Now, the threat level is only rising.  

To protect themselves, healthcare organizations need to implement a robust cybersecurity program. From completing assessments, to partnering with cybersecurity vendors, or updating internal processes, there are specific actions healthcare organizations should pursue to minimize their risk of a cyberattack. 

In this blog, we’ll detail which steps healthcare organizations can take to help bolster their internal defenses. 

Focus on Strengthening Internal Resources

Even more important than finding strong partners is creating a strong security structure within your own organization. To do so, begin by appointing a security officer and a privacy officer. The individuals in these roles should develop and document security and privacy policies, standards, and procedures to ensure all personnel are aware of their responsibilities. As can be said for all important guidelines, every employee should have easy access to this information.  

An internal security committee composed of stakeholders from all departments across the organization should also be established. By making sure every branch has a representative present, organizations can more easily identify cross-departmental vulnerabilities.  

The goal of the committee is to perform a risk assessment and develop controls to mitigate risk to an acceptable level. Some of those controls include:

  • Installing endpoint protection on all company devices and servers. 
  • Implementing media and mobile device policies and encrypting data at rest.  
  • Enforcing a strong WPA AES-256 encryption policy for all wireless networks. 
  • Adopting Open Web Application Security Project (OWASP) level security when developing applications and deploying changes. The committee must patch all systems periodically to ensure they are operating under best practices.
  • Installing security information and event management (SIEM) tools to detect and monitor all activities within the network. 
  • Ensuring the organization has put an Incident Response Plan in place, along with testing the plan on an annual basis. 

On a broader level, there are certain actions that all employees at healthcare organizations should take to aid in security efforts. These include completing comprehensive security awareness and HIPAA training on an annual basis, ensuring all of the software they use is up to date, and reading and acknowledging their organization’s Acceptable Use Policy. 

Partner With Vendors Who Can Mitigate Risk During Healthcare Cyberattacks 

In addition to pursuing audits and assessments, healthcare organizations should seek out partnerships with vendors who specialize in cybersecurity services. 

While most organizations likely already have a dedicated IT team, they should still maintain a relationship with a breach forensic firm. Not only will a firm help an organization identify and report breaches in a timely manner, but they will also make sure the organization stays in accordance with all of the compliance standards they follow, such as the HIPAA breach notification law.

Additionally, organizations should make sure they have a cyber insurance plan in place. As there is no framework or guideline that can 100% eliminate the possibility of a cyberattack, having an insurance policy will minimize the amount an organization would have to pay if a breach should occur.

Focus on Compliance and Security Assessments  

There are several security compliance assessments unique to healthcare organizations that can help ensure information remains private and protected. For organizations that store, process, or transmit ePHI, HIPAA compliance is a must. HIPAA is a U.S. law that was enacted to protect sensitive patient data. For organizations that are uncertain if they are currently HIPAA compliant, a third-party organization like A-LIGN can review current safeguards in place and identify areas where organizations can enhance their information security program. A-LIGN’s audit experts created A-SCEND’s HIPAA Readiness Assessment, the only SaaS compliance management solution that includes live auditor assistance, making it a fast and easy way to achieve HIPAA compliance.

The most reliable ways to demonstrate HIPAA compliance are to use the HITRUST CSF to perform a certification or to use the AICPA Trust Services Criteria to perform a SOC 2+HIPAA attestation.

Healthcare organizations should also complete an organization-level Enterprise Risk Assessment. This assessment identifies all the critical assets of the organization, determines the threats to those assets, and ranks the risks based on the probability and impact of an asset being compromised. It’s a key step in identifying threats and implementing controls to mitigate risk.  

Another great, proactive way to protect data and mitigate risk is to conduct a penetration test. These tests simulate a network attack and illustrate how your organization would respond. It’s a great way to identify gaps in your security infrastructure and fix them before a bad actor takes advantage.

How Organizations Can Act Now  

Throughout 2022, threat actors will likely still view healthcare cyberattacks as a worthy endeavor, especially against small and mid-sized providers and their associates. To minimize the risk of healthcare cyberattacks, organizations should look to pursue relevant audits and adhere to compliance standards, partner with organizations who can assist during incidents, and bolster internal resources via key hires or the development of a dedicated security committee.


Blaise Wabo

HITRUST i1 is a gamechanger for the compliance industry — it fills a crucial market gap for businesses that want a highly reliable security certification for moderate risk assurance. Because security is an ongoing process of continuous improvement, the fact that this assessment is frequently updated to maintain continuous relevance is highly appealing. If you’re seeking guidance on HITRUST, A-LIGN is here for you. We have helped hundreds of clients achieve HITRUST certification and can make your HITRUST journey as smooth and efficient as possible.
