Briefings on HIPAA: Cybersecurity in Healthcare
Principal Liz Heddleston was recently interviewed by HCPro for a story published on April 8, 2024, discussing the rising threat of ransomware attacks for healthcare providers. The story highlights lessons learned from a ransomware attack on a Maryland-based behavioral health practice that exposed the data of more than 14,000 patients, resulting in a recent monetary settlement between the practice and the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR). The incident – and the settlement that followed – serves as a reminder for healthcare providers about the importance of having HIPAA compliance and strong cybersecurity measures in place.
Liz answered several questions about ransomware breaches, including:
- How can healthcare organizations prepare for the increasing threat of ransomware?
- What role does employee training play in preventing cybersecurity breaches, and what are the best practices for implementing this training?
- How should healthcare organizations approach third-party vendor management to ensure HIPAA compliance and minimize breach risks?
- What immediate actions should be taken to mitigate damage immediately following a breach?
- After an incident, how can an organization effectively incorporate “lessons learned” into the security management process?
Liz told the publication, “Ransomware attacks can lead to legal risks and reputational harm and can be costly to contain and remediate. A good cyber insurance policy is paramount for protecting your organization against these risks. Ransomware attacks impacting PHI need to be reported to HHS-OCR and may trigger an investigation by federal regulators. These investigations can be very detailed and can get into the weeds of what measures you did (and did not) have in place before the breach. Failure to comply with HIPAA can lead to the imposition of corrective action and even fines and penalties in severe cases. Even though the healthcare organization was the victim of a criminal ransomware activity, it doesn’t let you off the hook in terms of HIPAA compliance.”
Subscribers to HCPro are able to access the complete article here. If you are not a subscriber and would like more information on HIPAA compliance in the context of cybersecurity safety, please contact Liz.
Team
- Principal