Cybersecurity Resources for Healthcare

Recently The HHS Office for Civil Rights (OCR) shared a comprehensive list of resources for any HIPAA-regulated entity to assist them in the prevention, detection, and mitigation of data breaches of protected health information that occurs because of hacking or ransomware.

As a covered entity or business associate under HIPAA compliance, an attack on your business may expose unsecured protected health information (PHI).  Under the HIPAA Breach Notification Rule, there are reporting requirements that you must adhere to.

HIPAA Secure Now can help you to mitigate the rising risk of a cybersecurity breach, as well as maintain HIPAA compliance.  Not sure if you’re covered? We can help you to uncover any gaps in your business structure.

This section contains briefs that outline individual threats in detail.

HHS Health Sector Cybersecurity Coordination Center Threat Briefs

A summary page can be found here. 

o    January 28, 2021 – ATTACK for Emotet

o    March 12, 2021 – New Ryuk Variant Analyst Note

o    April 8, 2021 – Ryuk Variants

o    May 25, 2021 – Conti Ransomware Analyst Note

o    June 3, 2021 – Ransomware Trends 2021

o    July 8, 2021 – Conti Ransomware

o    July 8, 2021 – Phobos Ransomware Analyst Note

o    August 5, 2021 – Qbot/QakBot Ransomware

o    August 6, 2021 – Lazio Ransomware Attack Analyst Note

o    August 19, 2021 – REvil Update

o    August 24, 2021 – OnePercent Group Ransomware Alert

o    August 25, 2021 – IOCs Associated with Hive Ransomware Alert

o    September 2, 2021 – Demystifying BlackMatter

HHS Resources on Section 405(d) of the Cybersecurity Act of 2015:

• Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx
• Cybersecurity Reports and Tools https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx

OCR Guidance:

• Ransomware https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
• Cybersecurity

https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html

• Risk Analysis

https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/rafinalguidancepdf.pdf

 

HHS Security Risk Assessment Tool:

• https://www.healthit.gov/topic/privacy-security-and-hipaa/security-risk-assessment-tool

 

CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches:

• https://www.cisa.gov/stopransomware
• https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf

 

CISA Ransomware Guide:

• https://www.cisa.gov/sites/default/files/publications/CISA_MS-ISAC_Ransomware%20Guide_S508C_.pdf

 

FBI Ransomware Resources:

• https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
• https://www.ic3.gov/Media/Y2019/PSA191002

 

OCR Cybersecurity Newsletters:

• Making a List and Checking it Twice: HIPAA and IT Asset Inventories (Summer 2020 Cybersecurity newsletter): https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-summer-2020/index.html
• What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware (Fall 2019 Cybersecurity Newsletter):https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-fall-2019/index.html
• Phishing (February 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-february-2018.pdf
• Plan A… B… Contingency Plan! (March 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/march-2018-ocr-cyber-newsletter-contingency-planning.pdf
• Cybersecurity Incidents will happen… Remember to Plan, Respond, and Report! (May 2017 Cybersecurity newsletter): https://www.hhs.gov/sites/default/files/may-2017-ocr-cyber-newsletter.pdf

For more information on our HIPAA compliance and cybersecurity programs, visit here.