CompliancePro - Automating HIPAA Privacy & Security Compliance


HIPAA Security Compliance 101 - Lesson 4

5/17/2017


HIPAA and the WannaCry Virus


If you've been following the news lately, no doubt you've heard or read about the recent cyber attack called WannaCry. WannaCry is a particularly nasty type of malware known as "ransomware," which infects your computer and blocks access to your data until you pay an extortion fee. According to the latest reports, the attack was first discovered on May 12 and spread to over 150 countries, including the United States. Over 48 medical facilities in the U.K. were infected by the virus.

HHS has published a fact sheet specifically about ransomware that can be found at: www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf.

Note that it could be considered a breach if ransomware is able to access and encrypt ePHI. We highly recommend reading this document and evaluating your related security policies. However, here are a few simple steps you can take to greatly reduce your vulnerability to a ransomware attack:

Install the Latest Patches and Software Updates
Microsoft released a patch for the WannaCry vulnerability in March 2017, so make sure your PC has the latest updates and patches to Windows and Office. A best practice is to set up your PC to install these automatically after they become available. This advice also applies to users of non-Microsoft devices. Also, avoid storing important data on old systems for which patches and software updates are no longer available.

The U.K. medical facilities that were infected were running very old Microsoft software for which updates were no longer available. Also, don't overlook your medical devices, many of which now have computers embedded in them.

Be Aware of "Phishing" Attacks
A very common way that malware like this gets installed on your PC is by tricking you into clicking on a link in an email or opening an email attachment. This is generally known as "phishing." Make sure your PC has virus protection that includes checking incoming email. Confirm the legitimacy of emails before clicking on links or opening attachments. Whenever you do click on a link that appears legitimate, verify that the URL in your web browser is correct. Be sure to share this information with your staff.

Back Up your Data
As much as possible, store your data on servers that are backed up and maintained by your IT department. If that's the case, you could lose access to your workstation and probably suffer only a minor inconvenience of having to re-image or replace your workstation. If you do have important data on your workstation, make sure it is backed up. There are many backup tools and services that can be configured to run automatically.

Although not foolproof, taking these simple steps will greatly reduce the likelihood of being infected by ransomware or other malware.  

Finally, all of the above should be documented as part of your overall HIPAA compliance program, which will be very important should your facility ever be audited for HIPAA compliance.

Paul Albrecht
Managing Director
CompliancePro Solutions
513-256-8649
©2017 CompliancePro Solutions™ All Rights Reserved