What the security community says about a specific industry vertical usually holds true for a good percentage of what is seen in the wild. You can ask any hacker, defender, CISO, etc what industries struggle the most and there are common themes in their answers. Top of the list includes healthcare, manufacturing, government, and financial. Some of the most heavily compliance controlled and regulated are also some of the least secure. Why is this? Is it due to administrators and senior management taking compliance standards as gospel? Maybe it’s a lack of knowledgeable staff like the blind leading the blind.
Know How to Respond to a Cyber Security Incident
Organizations that fall under the purview of HIPAA have to respond quickly to a cyber attack. The Office for Civil Rights (OCR) under the U.S. Department of Health and Human Services (HHS) issued a step-by-step guide to aid organizations. As a covered entity, your organization must have a contingency plan and incident procedures in the event of a security breach.
Understanding OCR Guidance on Ransomware
With the prevalence of data breaches, ransomware has also come to the forefront of security threats. This malicious software is created by hackers who encrypt data and hold it hostage. Users are denied access to this data until they pay a ransom to the hacker.
Cybersecurity breaches reached unprecedented levels in 2017. Few were spared as businesses and government entities alike -- including Equifax, the British National Health Service and even the U.S. National Security Agency, as well as dozens of others -- were hit with data breaches. While frequent targets like the financial sector and retail industries experienced their fair share of attacks, the healthcare sector is now the primary target of hackers, accounting for 25 percent of all data breaches. Understanding why this is happening and the consequences of it will help you improve your company's cybersecurity defenses and mitigate future threats.
With data breaches in the healthcare industry increasing exponentially, it's critical for those in leadership positions to get serious about HIPAA security and enforcement. You need to understand not only why HIPAA is important but how the rule enforcement process works and the penalties that can be implemented.