August 8, 2017. The National Institute of Standards and Technology (NIST) has published, with an August 2017 publication date, NIST Special Publication (SP) 800-181: National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework. The Abstract for this publication follows:
June 12, 2017. The Office for Civil Rights (OCR) of the U.S. Department of Health and Human Services (HHS) published on June 8, 2017 via its SecurityList “OCR Quick Response Cyber Attack Checklist and Graphic.” The Checklist is entitled: My entity just experienced a cyber-attack! What do we do now? – A Quick-Response Checklist from the HHS, Office for Civil Rights (OCR).
May 31, 2017. On May 30, 2017, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) of the Department of Homeland Security (DHS) released Update G: Indicators Associated with WannaCry Ransomware (ICS-Alert-17-135-01G) that was originally released on May 15, 2017. We provide highlights and excerpts below, and recommend that your organization download the document and sign up for alerts going forward.
May 15, 2017. For healthcare covered entities and business associates that have not implemented HIPAA Privacy and Security Rules and the HITECH Act Breach Notification Rule, the current massive, global ransomware cyberattack targeting hundreds of thousands of organizations worldwide is a ‘perfect storm’ and a wake-up call.
April 4, 2017. The Workgroup for Electronic Data Interchange (WEDI) has published an Issue Brief entitled: “The Rampant Growth of Cybercrime in Healthcare.” The timing of the WEDI release coincides with the Federal Bureau of Investigation (FBI) Cyber Division release of “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information,” which HIPAA Integrity® has discussed in several of its posts in the past week. Designed for “Education and Awareness Use Only,” the Issue Brief “explores some of the common vulnerabilities of healthcare organizations that are typically exploited by threat adversaries in today’s environment as well as best practices to mitigate these vulnerabilities.”
April 4, 2017. In the past week, HIPAA Integrity® has posted several significant pieces on the importance of implementing and hardening cybersecurity perimeter defenses to deter and mitigate the consequences of the growing incidence of cyberattacks such as phishing and ransomware demands resulting in impermissible access, use, and disclosure of unsecured protected health information (PHI).
March 31, 2017. On March 22, 2017, the Cyber Division of the Federal Bureau of Investigation (FBI) issued a Private Industry Notification entitled: “Cyber Criminals Targeting FTP Servers to Compromise Protected Health Information [PHI].” FTP servers mean File Transfer Protocol servers, with “U(FTP) a protocol widely used to transfer data between network hosts.” “The anonymous extension of FTP allows a user to authenticate to the FTP server via common username such as ‘anonymous’ or ‘ftp’ without submitting a password or by submitting a generic password or e-mail address.” Access to such servers containing protected health information (PHI) potentially imperils such information for impermissible use or disclosure.
January 31, 2017. In recent posts on the HIPAA Integrity® Website, we have urged our readers and clients to invest in security and to harden access to their IT systems in order to minimize the likelihood of a privacy breach or security incident and the consequences thereof. We commend to your attention an excellent January 23, 2017, Modern Healthcare Special Report written by Adam Rubenfire and Joseph Conn entitled: “Building a Better Cyberdefense: How to harness technology to protect your organization and patients from the latest cyberthreats.”
December 27, 2016. The National Institute of Standards and Technology (NIST) published in December a NIST Special Publication (SP) 800-184 entitled: Guide for Cybersecurity Event Recovery, an important resource for healthcare covered entities and business associates for risk mitigation planning.
November 11, 2016. We have reported in earlier blog postings about the National Institute of Standards and Technology (NIST) September 15, 2016, Cybersecurity initiative entitled: NIST Releases Baldrige-Based Tool for Cybersecurity Excellence: Comments Sought on Draft Guide to Enhance Cybersecurity Framework (posted October 18, 2016) and the NIST intention to release in March 2017 a 5th Revision of the Special Publication (SP) 800-53, Revision 4 entitled: Security and Privacy Controls for Federal Information Systems and Organizations (posted November 8, 2016).