Ransomware Attacks and Cybersecurity

Cyber thieves are quite busy, and they’re launching ransomware assaults on small, medium, and large health-care providers at an alarming rate. In response, the Office for Civil Rights (OCR) shared the following resources on September 21, 2021, to ensure that HIPAA-covered entities are aware of the resources available to help them prevent, detect, and mitigate breaches of unsecured protected health information caused by hacking and ransomware.


CISA’s Guide to Ransomware


The Multi-State Information Sharing & Analysis Center of the Cybersecurity & Infrastructure Security Agency (CISA) has released the 2020 Ransomware Guide. Part 1 – Ransomware Prevention Best Practices; and Part 2 – Ransomware Response Checklist – are included in the booklet.


Tips from the FBI on How to Avoid Ransomware


The FBI’s Scams and Safety Ransomware page contains instructional material on how this harmful software operates as well as how to respond to and report incidents.


Threat Briefs from the HC3 (Health Sector Cybersecurity Coordination Center)


Highlights essential cybersecurity themes to enhance situational awareness of current cyber risks, threat actors, best practices, and mitigation methods in the Health and Public Health Sector (HPH).


Tool for assessing security risks at the ONC


Security risk assessments are required by both HIPAA and the CMS Electronic Health Record Incentive Program. The Office of the National Coordinator for Health Information Technology (ONC) has developed a downloadable Security Risk Assessment (SRA) Tool in partnership with the HHS Office for Civil Rights (OCR) to assist you with the process. The tool is intended to assist healthcare providers in conducting a security risk assessment as required by the HIPAA Security Rule and the CMS Electronic Health Record (EHR) Incentive Program.


Task Force established under Section 405(d) of the Cybersecurity Act


Reports and Tools for Managing Cyber Threats and Risks is a free instructional page established by the Health Care Industry Cybersecurity Task Force; the CMS Risk Management Incident Response Handbook; and a link to the FDA site with suggestions for mitigating and managing cybersecurity for medical devices.

Have a question?