Managing Security: Healthcare Cybersecurity Policies and Standards

Establishing a healthcare cybersecurity policy is important for multiple reasons. Cybersecurity policies create standards for your staff, enabling them to keep sensitive information private. HIPAA requires healthcare organizations to have policies and procedures that limit the use and disclosure of patient information, and to ensure that it is not accessed inappropriately. How to Create Your Healthcare Data Security Policy Cybersecurity policies provide [...]

2022-11-04T16:32:43-04:00November 4th, 2022|

Managing Technology: Medical Device Security

Managing your organization’s cybersecurity is complex. Many fail to account for medical device security, forgetting that these devices connect to the internet, making them vulnerable. Medical device security standards are essential to consider as part of your overall security strategy. Medical Device Security Standards Medical device security is imperative to safeguard protected health information (PHI) adequately. Many medical devices, such as MRI [...]

2022-11-04T16:32:43-04:00November 2nd, 2022|

Healthcare Network Security: Network Management

One of the HHS cybersecurity best practices recommends that organizations implement network management processes to improve data security. Network security in healthcare is more important than ever. Healthcare organizations are vulnerable to hacking incidents when they fail to implement network security practices. What is Network Management? Network management is the process of securing and maintaining a network by implementing security practices. Healthcare [...]

2022-10-28T16:04:41-04:00October 26th, 2022|

Cybersecurity Best Practices: Healthcare Asset Management

As part of the practice of handling protected health information (PHI) during their regular duties, healthcare providers must take precautions to safeguard sensitive information. The Department of Health and Human Services (HHS) recommends ten practices that anyone handling PHI needs to implement, the fifth of which is healthcare asset management. What is Healthcare Asset Management?  Healthcare asset management, as HIPAA views it, [...]

2022-10-21T12:56:47-04:00October 21st, 2022|

HHS Warns of Increases in Insider Data Breaches

In April of 2022, the Department of Health and Human Services (HHS)’ Office of Information Security issued a 27-page publication, entitled “Insider Threats in Healthcare.” The publication covers a significant trend in cybersecurity: More and more, healthcare organization data breaches are being caused by internal (employee) action as opposed to actions from outside third parties. HHS defines an “Insider threat in the [...]

2022-05-06T17:03:27-04:00April 27th, 2022|

HHS Seeks Public Input on How to Implement Cybersecurity Best Practices Bill

In January of 2021, HR 7898, nicknamed the Cybersecurity Best Practices bill, was signed into law. Under this law, the Department of Health and Human Services (HHS) Office for Civil Rights (OCR) must consider whether an entity used recognized cybersecurity best practices in the year preceding a violation when deciding whether to penalize the organization.  In April of 2022, OCR issued a [...]

2022-05-06T17:03:29-04:00April 7th, 2022|

OCR Cybersecurity Newsletter Offers Guidance Against Common Cyberattacks

Each quarter the Department of Health and Human Services’ Office for Civil Rights issues a cybersecurity newsletter. The newsletter highlights cybersecurity trends affecting the healthcare industry. As the March 2022 OCR Cybersecurity Newsletter notes, the number of hacking and IT incidents affecting electronic protected health information (ePHI) has shot up, and rather quickly at that. In fact, there has been a 45% increase in the number [...]

2022-05-06T17:03:31-04:00March 25th, 2022|