Recently The HHS Office for Civil Rights (OCR) shared a comprehensive list of resources for any HIPAA-regulated entity to assist them in the prevention, detection, and mitigation of data breaches of protected health information that occurs because of hacking or ransomware.
As a covered entity or business associate under HIPAA compliance, an attack on your business may expose unsecured protected health information (PHI). Under the HIPAA Breach Notification Rule, there are reporting requirements that you must adhere to.
HIPAA Secure Now can help you to mitigate the rising risk of a cybersecurity breach, as well as maintain HIPAA compliance. Not sure if you’re covered? We can help you to uncover any gaps in your business structure.
This section contains briefs that outline individual threats in detail.
HHS Health Sector Cybersecurity Coordination Center Threat Briefs
A summary page can be found here.
o January 28, 2021 – ATTACK for Emotet
o March 12, 2021 – New Ryuk Variant Analyst Note
o April 8, 2021 – Ryuk Variants
o May 25, 2021 – Conti Ransomware Analyst Note
o June 3, 2021 – Ransomware Trends 2021
o July 8, 2021 – Conti Ransomware
o July 8, 2021 – Phobos Ransomware Analyst Note
o August 5, 2021 – Qbot/QakBot Ransomware
o August 6, 2021 – Lazio Ransomware Attack Analyst Note
o August 19, 2021 – REvil Update
o August 24, 2021 – OnePercent Group Ransomware Alert
o August 25, 2021 – IOCs Associated with Hive Ransomware Alert
o September 2, 2021 – Demystifying BlackMatter
HHS Resources on Section 405(d) of the Cybersecurity Act of 2015:
- Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients https://www.phe.gov/Preparedness/planning/405d/Pages/hic-practices.aspx
- Cybersecurity Reports and Tools https://www.phe.gov/Preparedness/planning/405d/Pages/reportandtools.aspx
OCR Guidance:
- Ransomware https://www.hhs.gov/sites/default/files/RansomwareFactSheet.pdf
- Cybersecurity
https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html
- Risk Analysis
HHS Security Risk Assessment Tool:
CISA Protecting Sensitive and Personal Information from Ransomware-Caused Data Breaches:
- https://www.cisa.gov/stopransomware
- https://www.cisa.gov/sites/default/files/publications/CISA_Fact_Sheet-Protecting_Sensitive_and_Personal_Information_from_Ransomware-Caused_Data_Breaches-508C.pdf
CISA Ransomware Guide:
FBI Ransomware Resources:
- https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/ransomware
- https://www.ic3.gov/Media/Y2019/PSA191002
OCR Cybersecurity Newsletters:
- Making a List and Checking it Twice: HIPAA and IT Asset Inventories (Summer 2020 Cybersecurity newsletter): https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-summer-2020/index.html
- What Happened to My Data?: Update on Preventing, Mitigating and Responding to Ransomware (Fall 2019 Cybersecurity Newsletter):https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity-newsletter-fall-2019/index.html
- Phishing (February 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/cybersecurity-newsletter-february-2018.pdf
- Plan A… B… Contingency Plan! (March 2018 Cybersecurity Newsletter): https://www.hhs.gov/sites/default/files/march-2018-ocr-cyber-newsletter-contingency-planning.pdf
- Cybersecurity Incidents will happen… Remember to Plan, Respond, and Report! (May 2017 Cybersecurity newsletter): https://www.hhs.gov/sites/default/files/may-2017-ocr-cyber-newsletter.pdf
For more information on our HIPAA compliance and cybersecurity programs, visit here.
Leave a Reply