OCR Director Urges Health Care Providers to Strengthen Cybersecurity Posture in 2022
- March 04, 2022
With incidents of cyberattacks on the rise, particularly in the health care sphere, now is the time for covered entities and business associates to review and strengthen their cybersecurity protocols, Department of Health and Human Services Office for Civil Rights Director Lisa Pino said in a February 28 blog post.
“Cyberattacks grabbed headlines throughout 2021 as hacking and IT incidents affected government agencies, major companies, and even supply chains for essential goods, like gasoline. For healthcare, this year was even more turbulent as cybercriminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic,” Pino noted.
In addressing cybersecurity threats, Pino underscored the importance of an enterprise-wide risk analysis. “Risk management strategies need to be comprehensive in scope. You should fully understand where all electronic protected health information (ePHI) exists across your organization–from software, to connected devices, legacy systems, and elsewhere across your network,” Pino said.
Pino noted a number of best practices, including maintaining offline, encrypted backups of data; conducting regular scans to identify and address vulnerabilities on internet-facing devices; implementing regular patches and updates of software and Operating Systems; and providing regular training for employees on phishing and other common IT attacks.