If you are a Covered Entity, you have a vested interest in ensuring your Business Associates are HIPAA compliant. The Office for Civil Rights (OCR) has recently increased its scrutiny of Business Associates, as evidenced by several highly publicized HHS Resolution Agreements levied against this sector. When a Business Associate is found in violation of HIPAA law, the reputation and public trust of the related Covered Entity is negatively impacted. Furthermore, federal law requires Covered Entities to take reasonable steps to ensure their Business Associates maintain HIPAA compliance. With stakes this high, Covered Entities would do well to ensure they have employed a solid Business Associate Management Program.
While no healthcare organization is immune to cyber-attack, those that implement precautions can significantly reduce their chances of a successful attack, or at the very least limit the damage when one occurs. Administrative defenses are a key component of cybersecurity because they cover the gaps that technical defenses cannot close. In fact, some of the most common entry points for cyber-crime, such as social engineering and phishing, cannot be thwarted by technical controls alone.
Cyber-risk in the healthcare industry is not just an issue for IT departments; it is a major problem for healthcare executives and stakeholders. The technical defenses employed by an IT department cannot fully protect an infrastructure, because cyber criminals are adept at circumventing those defenses or finding alternate points of entry. Cyber-crime threatens a provider's legal, financial, reputational and operational position, making it a corporate challenge that requires executive and board-level oversight.
Is your healthcare organization equipped to respond to a suspected or confirmed data breach? According to Ponemon's Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data, data breaches in healthcare have remained consistently high for the sixth consecutive year in terms of volume, frequency, impact, and cost. In fact, nearly 90 percent of the healthcare organizations represented in the study had a data breach in the past two years, and nearly half (45 percent) had more than five data breaches in that same period.
Healthcare providers are among the most frequently pursued cyberattack targets, largely because the data stored in their systems has become a lucrative currency to hackers.
Healthcare organizations face a rising threat of malicious attacks targeting protected health information, and the trend continues to escalate despite efforts to shore up healthcare security. Motivated by lucrative pay-offs for stolen health information and by defenses that are generally weaker than in other industries, attackers are becoming more proficient at identifying and exploiting security vulnerabilities in healthcare IT. The threat comes from all directions, but the most common points of entry are the internet, social media, e-mail, mobile devices, USB drives, and cloud and network infrastructure.
Hundreds of times per day, attackers around the world use the internet to probe your corporate IT infrastructure for vulnerabilities. These probes are often disguised well enough that their intent is not obvious at the time. The objective, however, is clear: the exploitation of sensitive data for profit or for bragging rights.
HIPAA violations are costing healthcare providers millions of dollars in fines, not to mention negative publicity and reputational damage. Yet non-compliance among many healthcare providers persists, largely because HIPAA compliance can be a very complex process. The HIPAA Privacy, Breach Notification and Security Rules encompass hundreds of requirements and implementation specifications, all enforced by the Office for Civil Rights (OCR). Enforcement is strict and tenacious, and OCR is known to vigorously pursue infractions. Moreover, the government does not accept ignorance of HIPAA law as a defense. With millions of dollars at risk, can your organization really afford to ignore the legal and ethical responsibility of HIPAA compliance?
Does your organization perform routine HIPAA Security Risk Analyses? If so, are those analyses "good enough"? With the 2016 Office for Civil Rights (OCR) audits currently underway, and more audits expected in 2017, healthcare organizations would be wise to shore up their security programs to ensure compliance with the HIPAA Security Rule.