The HHS Office for Civil Rights (OCR) recently shared a guide summarizing the resources available to HIPAA-regulated entities to help them protect their data against ransomware. This can involve using a robust security system and sending HIPAA compliant email. Many government organizations have provided ransomware resources, so let's review what covered entities can learn.
HHS resources on Section 405(d) of the Cybersecurity Act of 2015
HHS has two resources available: Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients, and Cybersecurity Reports and Tools. The resources cover several topics, such as current threat vectors, best practices for cybersecurity, and how to mitigate risk. The organization also provides separate advice for small healthcare companies and for medium-to-large healthcare firms.
OCR guidance on ransomware
OCR guidance on cybersecurity
Another helpful resource for covered entities is the Cybersecurity Guidance Materials found on the HHS website. These materials offer guidance on how to respond to a cyber-related security incident. They also link to past cybersecurity newsletters, which are a valuable resource for learning how to secure your network.
Some of the highlights include:
- Making a List and Checking it Twice: HIPAA and IT Asset Inventories
- What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware
- Plan A...B...Contingency Plan!
- Cybersecurity Incidents Will Happen...Remember to Plan, Respond, and Report!
OCR guidance on risk analysis
The OCR has a document on risk analysis requirements. A HIPAA risk assessment is often the first step in creating a cybersecurity plan, and it shouldn't be skipped. Small and medium-sized covered entities should consider using the HHS Security Risk Assessment Tool. This tool was developed for healthcare professionals to assess security risks to protected health information (PHI). To learn more about it, read our post: New version of HHS Security Risk Assessment Tool released.
CISA guidance on ransomware-caused data breaches
The Cybersecurity and Infrastructure Security Agency (CISA) has a fact sheet about protecting sensitive and personal information from ransomware-caused data breaches. A summary of highlights can be found in our post here.
The CISA also has the following resources:
FBI ransomware resources
The Federal Bureau of Investigation (FBI) is actively investigating ransomware attacks. It has released guidance on avoiding ransomware, how ransomware can infect your network, and best practices for cybersecurity defense. You can find these resources here and here.
Read more: To pay or not to pay for stolen data
How Paubox can protect you against ransomware
One of the most common ways ransomware can infiltrate your network is by email. That's why having robust email security is critical to protecting your patient data and network.
Paubox Email Suite Plus is the solution for your email security needs. It offers strong inbound security features that stop threats such as phishing and display name spoofing emails from reaching a person's inbox. This eliminates the possibility of human error enabling ransomware to enter a network. Paubox Email Suite Plus also includes our latest security feature, Zero Trust Email, which adds an additional security check on every email and is configured specifically for each customer.
Paubox is also a HIPAA compliant email provider. It sends encrypted emails by default, which keeps your data secure. Your employees will be able to use it easily, since it integrates seamlessly with your current email provider, including Google Workspace and Microsoft 365.