Ransomware guidance: what HHS recommends to protect data
by Sara Nguyen
Ransomware attacks increased during the pandemic as healthcare organizations were overloaded with additional patients and further stressed by employees working remotely. Cyberattacks have become such an issue that the U.S. government has established a new task force to combat ransomware attacks.
Healthcare organizations need to protect patients’ protected health information (PHI) from unauthorized parties. Following HIPAA can help covered entities and business associates protect and recover their sensitive data.
Let’s review what the U.S. Department of Health and Human Services (HHS) recommends in its fact sheet on ransomware and HIPAA to keep data protected.
What is ransomware?
Ransomware is a type of malicious software that is specifically designed to encrypt data to prevent authorized employees from accessing it. Usually a cybercriminal will demand a ransom in exchange for a decryption key. Hackers may also threaten to delete or transfer data if they do not receive the ransom.
Can HIPAA compliance help prevent ransomware?
Yes. Some security measures required by HIPAA include:
- Conducting a risk assessment to identify threats and implement security measures to mitigate those risks
- Training employees to identify malicious software
- Using access controls to limit access to PHI
HIPAA requirements establish the bare minimum of protecting PHI. In its checklist, HHS encourages entities to “implement additional and/or more stringent security measures above what they determine to be required by Security Rule standards.”
Can HIPAA compliance help you recover from ransomware?
Yes. HIPAA requires you to have procedures in place to aid the recovery process after a ransomware attack. It specifically requires entities to implement a data backup plan, which is usually part of an entity’s business continuity plan. Other parts of this plan include disaster recovery, emergency operations, and periodic penetration testing.
How can you detect if your computer system is infected with ransomware?
There are essentially two ways to detect if your computer system has ransomware. The first way is having robust security measures that alert you when your network has a problem.
The second way is for your employees to detect problems that indicate a ransomware attack has penetrated your network. The HHS fact sheet shares some of the common indicators that a ransomware attack is underway:
- Malicious email links or attachments
- A sudden increase in CPU or disk activities for no apparent reason
- Inability to access certain files
- Suspicious network communications
Email is a common threat vector for cyberattacks. If an employee notices that they were sent an email that had malicious links or file attachments, they should report it to your IT team.
What should you do if your computer system is infected with ransomware?
If you believe ransomware has been released into your systems, activate your entity’s security incident response plan. HHS recommends that the initial steps include determining:
- The scope of the incident and which networks, systems, or applications were affected
- How, where, and when the ransomware entered the network
- If the ransomware has stopped spreading or if it’s ongoing
This initial analysis will help you determine the next steps to contain and recover from the ransomware attack. Upon further inspection, you should determine if PHI was breached and if the security incident needs to be reported to the HHS.
Is it a HIPAA breach if ransomware infects your computer system?
HIPAA concerns itself with protecting PHI. A ransomware attack on a covered entity’s computer system is usually considered a HIPAA breach because a breach of PHI is presumed. Unless a covered entity can prove that there is a “low probability that the PHI has been compromised,” then it will need to follow the breach notification rules. This includes notifying affected individuals, HHS, and possibly the media.
To learn more about what HHS recommends during various ransomware scenarios, read its full fact sheet on ransomware and HIPAA.
How can you prevent email ransomware attacks?
Prevention and preparation are the best ways to stop ransomware attacks. It’s worth the investment to avoid the headache of recovering from ransomware and dealing with law enforcement.
Take a proactive approach with Paubox Email Suite Plus, the best solution for HIPAA compliant email. It allows you to send encrypted emails directly to your patient’s inbox, no portals or passwords required. It doesn’t interrupt your employees’ workflow because it seamlessly integrates with popular email platforms like Google Workspace and Microsoft 365.
Paubox Email Suite Plus also prevents malicious emails from entering your system. It includes robust inbound security tools to block threats like display name spoofing attacks and phishing emails. Our latest feature is Zero Trust Email, which adds an extra layer of authentication to ensure emails are coming from trusted sources.
Paubox is HITRUST CSF certified and a business associate agreement (BAA) is included in all plans. You can rest assured that we’re dedicated to following HIPAA guidelines and keeping your emails secure.