Cybersecurity Response Plans and CIRCIA

In March 2022, President Joe Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA). This new law will likely trigger changes to the cybersecurity response plans of many organizations. While there is not currently a standard to enforce, healthcare providers and the companies that provide support services to them will be affected by this new law. CIRCIA Background [...]

November 14th, 2022

Managing Security: Healthcare Cybersecurity Policies and Standards

Establishing a healthcare cybersecurity policy is important for multiple reasons. Cybersecurity policies create standards for your staff, enabling them to keep sensitive information private. HIPAA requires healthcare organizations to have policies and procedures that limit the use and disclosure of patient information, and to ensure that it is not accessed inappropriately. How to Create Your Healthcare Data Security Policy Cybersecurity policies provide [...]

November 4th, 2022

Managing Technology: Medical Device Security

Managing your organization’s cybersecurity is complex. Many fail to account for medical device security, forgetting that these devices connect to the internet, making them vulnerable. Medical device security standards are essential to consider as part of your overall security strategy. Medical Device Security Standards Medical device security is imperative to safeguard protected health information (PHI) adequately. Many medical devices, such as MRI [...]

November 2nd, 2022

HIPAA Cyber Incident Response Requirements

The HHS cybersecurity best practices serve as a guide healthcare organizations can adopt to improve their security posture. One of these best practices is security incident response. HIPAA requires healthcare organizations to report security incidents to the Office for Civil Rights (OCR). HIPAA defines a security incident as “the attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or [...]

October 31st, 2022

HIPAA Vulnerability Management: Identifying and Addressing Security Gaps

Vulnerability management is a crucial part of any cybersecurity program and is one of the Department of Health and Human Services' recommended cybersecurity best practices. Specific to healthcare, HIPAA vulnerability management refers to identifying risks to patient information and implementing measures that reduce the risk. What is HIPAA Vulnerability Management? HIPAA vulnerability management identifies possible risks in an organization’s network security. This [...]

October 28th, 2022

Healthcare Network Security: Network Management

One of the HHS cybersecurity best practices recommends that organizations implement network management processes to improve data security. Network security in healthcare is more important than ever. Healthcare organizations are vulnerable to hacking incidents when they fail to implement network security practices. What is Network Management? Network management is the process of securing and maintaining a network by implementing security practices. Healthcare [...]

October 26th, 2022

Cybersecurity Best Practices: Healthcare Asset Management

As part of the practice of handling protected health information (PHI) during their regular duties, healthcare providers must take precautions to safeguard sensitive information. The Department of Health and Human Services (HHS) recommends ten practices that anyone handling PHI needs to implement, the fifth of which is healthcare asset management. What is Healthcare Asset Management? Healthcare asset management, as HIPAA views it, [...]

October 21st, 2022

Limiting PHI Exposure with HIPAA Access Management and Controls

Healthcare organizations regularly handle patient information and must take precautions to safeguard sensitive data. Implementing HIPAA access controls and having an access management system reduces the likelihood of unauthorized access to protected health information (PHI). Access management is also one of the ten cybersecurity best practices recommended by the Department of Health and Human Services (HHS). What is HIPAA Access Management? HIPAA access management [...]

October 19th, 2022

The Hardest Healthcare Cybersecurity Vulnerability To Patch

As of September 23, 2022, the Cybersecurity and Infrastructure Security Agency (CISA) added 225 additional vulnerabilities to its Known Exploited Vulnerability Catalog, bringing the total to 834. These are software and operating system vulnerabilities exploited by cybercriminals in real-world attacks. Patching healthcare cybersecurity vulnerabilities upon discovery is critical to maintaining the security and integrity of any network. But one type of vulnerability [...]

October 14th, 2022

Cybersecurity Best Practices: HIPAA Data Loss Prevention

Handling patients’ protected health information is something healthcare providers do every day. Because of its sensitive nature, extra precautions must be taken to safeguard PHI. The Department of Health and Human Services (HHS) recommends ten practices that anyone handling PHI needs to implement, the fourth of which is HIPAA data loss prevention. What is HIPAA Data Loss Prevention? HIPAA defines standards by [...]

October 12th, 2022