This month a memo went out from the White House and Cybersecurity and Infrastructure Agency (CISA) to industry leaders that emphasized the threat posed by ransomware within their businesses as well as emphasizing just how important it was to the current administration to prioritize the awareness. The memo also is putting the responsibility on the private sector to take ownership of their part of the equation in protecting themselves, and ultimately businesses, against the threat of cybercrime.
What stood out in this memo was the quote that “To understand your risk, business executives should immediately convene their leadership teams to discuss the ransomware threat and review corporate security posture and business continuity plans to ensure you have the ability to continue or quickly restore operations.” The administration is saying you need to look at this as more than an act of data theft. We couldn’t agree more.
It then continues to outline the steps you should take to protect yourself, your business, and your data. Reference the link in the first paragraph for more details on those steps.
In addition to the information released by those offices, an alert from HHS Office for Civil Rights was included titled Fact Sheet: Ransomware and HIPAA, providing additional information to entities regulated by HIPAA rules. It reiterates the increase in daily ransomware attacks and how these are conducted by exploiting human and technical weaknesses. At HIPAA Secure Now, we continually emphasize the human factor in cybersecurity, but we want to emphasize that in conjunction with this is the ability to make the humans in your business your greatest asset when it comes to cybersecurity. Being human isn’t the fatal flaw, it is how you can strengthen your security posture with behaviors that prevent cybercrime from advancing throughout your world whether it be professional or personal.
The fact sheet outlines what ransomware is and provides detail about how HIPAA compliance can assist healthcare businesses in preventing it from being deployed within their network. But as always, it bears repeating, HIPAA compliance is NOT the same as having a strong cybersecurity program, but they do go hand in hand and can complement each other. Our solution addresses both of these.
A complete solution will help you address your organization’s risk factors for both HIPAA violations or audits and cybersecurity weaknesses. From there a plan should be devised to address all concerns, reinforce weak areas, and provide ongoing training that strengthens the human factor. In addition, having a plan to respond to a cyberattack is necessary, because, like a medical emergency, a timely response can mean the difference between survival or death. Make sure your business has all of the odds in your favor.