Organizations in the healthcare industry already had plenty of reasons to focus on cybersecurity, including HIPAA compliance and protecting sensitive patient data. Now the HIPAA Safe Harbor Bill (HR 7898) – which became law on Jan. 5 – has given providers and others in the healthcare space even more motivation to adhere to industry-standard best security practices.
The new law amends the HITECH Act, instructing the U.S. Department of Health and Human Services (HHS), during HIPAA investigations and enforcement, to consider whether a covered entity or business associate utilized industry-standard security practices during the previous 12 months, according to the Health IT Security article “HIPAA Safe Harbor Bill Becomes Law; Requires HHS to Incentivize Security.”
The text of the law describes the recognized security practices in question as “the standards, guidelines, best practices, methodologies, procedures, and processes developed under…the NIST Act, the approaches promulgated under… the Cybersecurity Act of 2015, and other programs and processes that address cybersecurity and that are developed, recognized, or promulgated through regulations under other statutory authorities,” according to the article.
Under the law, HHS must take cybersecurity into account when determining fines for security incidents, in addition to reducing the extent and length of audits if the entity in question fulfills industry-standard best-practice security requirements.
The Growing Importance of Cybersecurity for the Healthcare Industry
The recently enacted HIPAA Safe Harbor Bill means that healthcare providers and others in the industry will potentially face less severe consequences for security incidents if there’s evidence they’ve been following best cybersecurity practices. As a result, it’s more prudent than ever to invest in a comprehensive IT security strategy. Doing so will not only ensure HIPAA compliance and mitigate the consequences in the event that a data breach occurs but also drastically reduce the chances of a security incident occurring in the first place.
The pandemic and the flurry of illegal activity by bad actors seeking to exploit the public health crisis have made data security a particularly pressing issue in the realm of healthcare. For instance, in October 2020, HHS, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” More specifically, the alert explains that hackers were bombarding the healthcare and public health sector with TrickBot and BazarLoader malware, launching ransomware attacks and stealing data.
Overall, not only ransomware but other types of attacks – including botnets, DDoS and remote code execution – increased in November 2020, according to a blog entry from Check Point Software Technologies titled “Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again.” Check Point found that between the beginning of November 2020 and the start of January 2021, the number of cyberattacks targeting healthcare organizations around the world increased by 45 percent.
The driving force behind these attacks is monetary greed. Cybercrime has paid off in the past year as bad actors seized opportunities presented by the pandemic, and now they’re eager for more ill-gotten gains, the blog entry explains.
More than 500 healthcare organizations reported a breach involving at least 500 patient records to the HHS Office for Civil Rights (OCR) during the first 10 months of 2020, according to the 2021 Horizon Report: The State of Cybersecurity in Healthcare from Fortified Health Security. We’ll probably see many more incidents in the healthcare industry as hackers continue to leverage crisis conditions to their advantage.
How to Ensure Your Organization Meets Best Practice Security Requirements
To combat the current outbreak of cybercrime, healthcare organizations must be vigilant and carefully develop and maintain an up-to-date cyber defense strategy to fend off would-be data thieves. For healthcare entities seeking fast, comprehensive coverage, managed cybersecurity programs make a lot of sense.
For example, at Stratosphere Networks, we offer cost-effective managed cybersecurity solutions and services to minimize data breach risk for clients across all industries, including healthcare. Our team can implement low-cost solutions that deliver immediate protection against all kinds of cyberattacks.
For organizations that prefer to fully outsource IT security, our Managed Security Service Provider (MSSP) offering involves our security analysts handling everything, from identifying the right tools to creating a long-term strategy.
We also provide a range of à la carte services, including the following:
- Endpoint and network Managed Detection and Response (MDR)
For an example of our work, take a look at this case study involving a nationwide mail order pharmacy and fulfillment company. With services and solutions like MDR and threat management, we helped them achieve compliance with HITECH and lower their data breach risk level.
To provide our clients in the healthcare industry with the best possible service, we’ve become one of the few select HIPAA-compliant IT service providers. Our team members are well-versed in healthcare regulations and trained to securely handle protected health information (PHI).
If you’d like to assess your organization’s security posture, our free risk assessment questionnaire – which is based on the CIS Controls for cyber defense – only takes 5 minutes to complete, and you don’t have to talk to anyone. Feel free to fill it out, and our security analysts can conduct a more in-depth paid assessment if you’re interested after receiving your results.
Cybercriminals won’t stop trying to infiltrate your network, and the last things healthcare organizations need during these already stressful times are service disruptions, financial losses and regulatory consequences stemming from security incidents. Act now to ensure you’re doing all that you can to stop cyberattacks.
For more information about IT security best practices, don’t hesitate to reach out to our security analysts by calling 877-599-3999 or emailing firstname.lastname@example.org.