We all knew it was coming, as cybercriminals have been targeting the healthcare industry over the past several months. A recent government report indicated there have been about 4,000 daily ransomware attacks on average since early 2016. That is a rise of 300% over the 1,000 daily ransomware attacks reported in 2015. Now new guidance from the Department of Health and Human Services Office for Civil Rights (OCR) states that ransomware attacks are HIPAA breaches and that the affected organizations must comply with reporting and recovery requirements.
HIPAA (Health Insurance Portability and Accountability Act) is the predominant US regulation governing how healthcare providers safeguard medical information.
This ruling will drive healthcare providers to take ransomware risks more seriously or face regulatory consequences that can include end-user notification, risk remediation, and potentially fines. For customers, it may translate to more security of our health records but at a price, as providers will likely pass on the costs of better security. For most, this is a very good step, as healthcare data breaches in the US have reached excessive levels.
HHS.gov Fact Sheet: Ransomware and HIPAA
For more insights, Healthcare Informatics has a good write-up: http://www.healthcare-informatics.com/news-item/cybersecurity/hhs-issues-guidance-ransomware-attacks-and-hipaa-breaches
Interested in more? Follow me on Twitter (@Matt_Rosenquist) and LinkedIn to hear insights and what is going on in cybersecurity.