OCR shares guidance on preventing common cyberattacks

OCR shares guidance on preventing common cyberattacks in its latest newsletter. The Department of Health and Human Services’ Office for Civil Rights (OCR) released guidelines to help prevent common cyberattacks. The OCR Quarter 1 Newsletter outlines necessary steps covered entities can take to keep their organization’s email and data safe.

Many of us in the IT community are noticing the numerous cyberattack warnings because of the situation in Ukraine. Read on to learn recommended ways to lower your risk and how HIPAA compliant email keeps you one step ahead.

Hacking incidents of ePHI have jumped 45%

According to the newsletter, the number of electronic protected health information (ePHI) breaches caused by hacking or IT incidents jumped 45% from 2019 to 2020. In addition, hacking or IT breaches accounted for 66% of all breaches impacting 500 or more individuals in 2020.

Some cyberattacks are incredibly sophisticated. However, most are preventable or can be substantially mitigated if covered entities and business associates implement HIPAA Security Rule requirements.

Best cybersecurity practices involve your employees

Email phishing is one of the top attack vectors. Therefore, it is critical for covered entities to properly educate staff on recognizing this kind of attack and how to respond quickly with the correct steps. 

The OCR newsletter emphasizes the Security Rule requirement to implement an ongoing security awareness and training program to address current cyber risks. OCR notes that management needs to be involved in the process. Executive teams and management are often the individuals regularly targeted and may have more access to PHI.

Covered entities are encouraged to test the training’s effectiveness with periodic security reminders and develop creative ways to keep workforce members engaged in understanding their roles.

In addition to staff education, organizations can lower the risk of phishing attacks by putting anti-phishing technologies in place. These tools help identify and block malicious websites, suspicious attachments, and potential threats. Features in Paubox Email Suite, like the patented ExecProtect, which blocks display name spoofing emails, are helpful for any healthcare organization racing to implement better cybersecurity.

Ways to mitigate known vulnerabilities

Another common technique is exploiting known vulnerabilities, which may exist in the server, application, and other parts of the IT infrastructure.

The OCR explains how applying vendor patches or upgrading versions can mitigate known vulnerabilities. Covered entities are urged to update or replace legacy systems. If this is not possible, implement additional safeguards in the meantime.

OCR reminds covered entities of the Security Rule requirement to “identify potential technical vulnerabilities to the confidentiality, integrity, and availability of ePHI,” including flaws in systems or incorrect configurations.

This process can be accomplished by using a vulnerability scanner, participating in an information sharing and analysis center (ISAC), or conducting penetration tests.

Steps for strengthening cybersecurity practices

Weak password rules, single-factor authentication, and lax cybersecurity measures create openings for cybercriminals.

OCR stresses the importance of conducting a risk analysis to guide the implementation of authentication controls to catch vulnerabilities. However, there are instances when higher-risk situations may warrant more robust solutions, such as multi-factor authentication for remote access.

Finally, covered entities should be taking proactive steps to ensure the ongoing protection of ePHI. This includes regularly assessing the strength of existing cybersecurity practices and periodically re-evaluating safeguards in response to environmental or operational changes.

Be proactive with Paubox

With email serving as the leading vector for cyberattacks, healthcare providers need to take extra measures to safeguard sensitive information by making more robust email security a top priority.

Paubox Email Suite enables HIPAA compliant email and automatically encrypts every outbound message by seamlessly integrating with your current email platforms, such as Google Workspace or Microsoft 365.

As a result, Paubox users don’t have to spend time deciding which emails to encrypt. And most importantly, your patients receive your messages directly in their inboxes without using passwords or portals. In this way, Paubox helps with patient compliance and keeps communication flowing between you and your patients without friction.

Paubox Email Suite’s Plus and Premium plan levels include critical advanced inbound email security tools for further threat protection. For example, our patent-pending Zero Trust Email feature uses email AI to confirm an email’s legitimacy. 

Don’t leave your organization at risk. It’s easier than you think to put the leading and most robust email cybersecurity solution in place with Paubox. 

Try Paubox Email Suite for FREE today.

About the author

Sara Uzer
