HIPAA compliance and ransomware prevention

06/07/2017


The healthcare industry is constantly under threat of new cyber attacks. Last month, hospitals and healthcare organizations were among the first victims of WannaCry ransomware – an iteration of malware that holds your data hostage and demands $300 for their release. However, those that follow HIPAA regulations are better equipped for future attacks.

For those who don’t know, WannaCry was first discovered in the UK. It affected over 20% of the UK’s National Health Service and created bottlenecks in hospital administration and treatment. Many healthcare institutions claimed that the privacy of patient data was not compromised, but the success of the attack shows how vulnerable these industries are to new, emerging threats.

Within 24 hours, the ransomware spread and infected hundreds of thousands of machines in 150 countries. Despite WannaCry’s effectiveness in most countries, the virus did not spread so quickly in the US – in large part thanks to companies’ compliance with HIPAA guidelines.

Malware Protection

Securing your endpoints with advanced antivirus software, firewalls, and intrusion prevention systems can help detect and block attacks targeting your patient data. In fact, most antivirus software has been able to prevent WannaCry since early April; with that in mind, you should keep your security systems patched and run full scans on a weekly, if not daily, basis.

Updated Software

Just like your security products, your business applications, operating system, and other software should always be up to date. WannaCry was able to spread only due to vulnerabilities in outdated Windows operating systems (which were fixed back in March). Simply taking a few minutes to check for updates and install them will save you lots of financial and legal trouble in the future.

Incident response plans

Should a malware attack occur, HIPAA requires that companies have strategies in place to mitigate the damage. When dealing with highly sensitive patient data, encryption systems are a must. And, in cases when ransomware strikes, companies should have cloud backup and disaster recovery plans to restore files to a clean computer and keep operations running.

Security tests and risk analyses

Once you’ve established a security framework and incident response policy, risk analysis and security tests are crucial last steps. Hiring IT service professionals to perform a risk analysis will help you prevent cyber attacks by isolating system vulnerabilities. Also, security tests are important in finding out whether your defenses are capable of preventing different types of attacks from exploiting any weaknesses.

Employee Awareness

Of course, the best antidote to viruses is to prevent them in the first place. Staff who thoroughly understand cybersecurity best practices will think twice before downloading a suspicious link and will set difficult passwords.

If you need guidance with security or healthcare compliance, Telx Computers can help. With our expertise, you can rest knowing that malware and other computer viruses will be prevented from infecting your network.

Telx Computers offers expert IT support in Miami, New York, and Los Angeles. Contact us today for more information.