A new federal resource can help smaller health care organizations get a better handle on their information security practices, and it may reveal gaps that need your attention now.
New week, new cyberattacks in the headlines, right? The past few months have seen a marked increase in the number of large-scale attacks designed to hold organizations of all sizes and industries hostage when it comes to getting their data back.
To help health care organizations and their vendors respond quickly to cyberattacks, the Department of Health and Human Services (HHS) created an infographic and checklist. It's designed to help you overcome that oh-my-gosh-someone-has-accessed-our-data-what-do-we-do-now?!?! feeling.
The reference document contains a high-level overview of the necessary steps any health care organization should take if they suspect their data has been compromised or if an attacker has attempted to breach their networks.
Take a look at the checklist, and ask yourself and your teams if you know the answers to these questions:
- Do we all understand the primary activities we have to complete when a security incident occurs?
- Do we have a detailed procedure that guides how we respond to security incidents?
- Do we know how to most effectively address the incident?
- Can we determine if a breach has occurred? If so, what processes and technologies will we use?
- Do we know the HIPAA and HITECH requirements for analyzing and reporting a breach?
- Who can we connect with to help us find the answers to the questions above, or to give us more insights into the HHS checklist? (Hint: SIMBUS360 can help!)
- Do we need to update our existing practice guidelines around information security based on these steps?
For many small to mid-sized health care organizations, information security is a complicated issue they simply don't have the staff or expertise to adequately address. That's why high-level resources like the checklist are so useful, and why I'm so grateful I have the chance to share resources like this with you on this blog.
These items give you a place to start when it comes to building or enhancing your information security and privacy practices. Importantly, they help you figure out which questions you need to ask of information security, privacy and compliance experts.