Page 107 - Cyber Defense Magazine for August 2020

●  Verifying that the workforce complies with this law is also a business's responsibility.

Under this regulation, companies need to implement technical and procedural checks to protect this
information and perform a risk analysis of the risks and vulnerabilities to the confidentiality, integrity, and
availability of ePHI. Technical controls include encryption, authentication, password complexity, access
auditing, and segmentation. Procedural controls normally include password policies, incident response
plans, contingency plans, and audit procedures.

Nowadays, healthcare information is part of the Big Data revolution and exists in a range of different
digital ecosystems. In the healthcare industry, patients use wearables and implantable IoT medical
devices such as heart monitors and pacemakers. With all these items now connected to the Internet, the
data is exposed to cyberattacks.

The number of IoT devices increases every year, and most of them lack endpoint security. It is therefore
vital to have a plan to protect your company's HIPAA data. One of the major security issues is how the
device collects the information and then transmits it to the hospital. From an ePHI and HIPAA compliance
viewpoint, this is a risk your business must understand and for which it must develop a protection
strategy.

As we can see, cyber security and HIPAA compliance are strongly connected. Unfortunately, being
HIPAA compliant does not make your organization safe from cybercriminals. At the same time, having a
robust cyber security program does not make you HIPAA compliant either. Your business needs a
comprehensive HIPAA compliance and security provider to genuinely secure your patients' data.

The industry should develop a holistic strategy for healthcare security, including administrative, physical,
and technical safeguards.

Strategies for Improving Cyber Security

HIPAA rules are not enough to resist cybercrime. Looking at precisely what this law requires, it does not
necessarily align with cyber security best practices. Moreover, healthcare organizations should not see
cyber security and HIPAA compliance as separate components, but rather as two concepts working in
parallel with one another. In fact, a robust cyber security program supports compliance.

To ensure cyber security in healthcare and prevent sophisticated attacks, healthcare organizations can
implement the following practices:


1. Review your current security risk analyses and identify gaps and areas for improvement. Check that
the risk analysis is documented in order to demonstrate regulatory compliance and to strengthen the
attorney-client privilege covering it.







Cyber Defense eMagazine – August 2020 Edition
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.