ComplyAssistant’s Gerry Blass comments on the biggest threats to healthcare organizations that we should be concerned about in Healthcare IT Today’s “The Ever Evolving World of Cybersecurity Threats” article.
In January 2021, HHS’s Health Industry Cybersecurity Practices (HICP) rule was signed into law. It is an extension of the HIPAA/HITECH Security Rule and identifies the top five threats to healthcare organizations. They are:
- Email phishing attacks
- Ransomware attacks
- Loss or theft of equipment or data
- Internal, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
Email phishing and ransomware attacks have caused extended critical system and connected medical device downtimes that not only impact breaches of PHI and PII but also threaten patient lives.
What are some of the latest technologies or security approaches that every healthcare organization should have in place to address cybersecurity threats?
HICP identifies the top ten recommended security practices (RSPs), aka “controls,” that are scoped for small, medium, and large healthcare organizations. They are:
- Email protection systems
- Endpoint protection systems
- Access management
- Data loss prevention
- Asset management
- Network management
- Vulnerability management
- Incident response
- Medical device security
- Cybersecurity policies