Page 107 - Cyber Defense Magazine for August 2020
P. 107
● Verifying that the workforce complies with this law is also a business's responsibility.
Under this regulation, companies will need to implement technical and procedural checks to protect this
information and perform risk analysis on risk and vulnerabilities to the confidentiality, integrity, and
availability of ePHI. Technical controls include such things as encryption, authentication, password
complexity, access auditing, and segmentation. Procedural controls normally include password
policies, incident response plans, contingency plans, and audit procedures.
Nowadays, healthcare information is part of the Big Data revolution and exists in a range of different
digital ecosystems. In the healthcare industry, patients use wearables and implantable IoT medical
devices such as heart monitors and pacemakers. With all these items now connected to the Internet, the
data gets exposed to cyberattacks.
With the number of IoT devices increasing every year, most of them do not have endpoint security. That
being said, it is vital to have a plan to protect your company's HIPAA data. One of the major security
issues is how the device collects the information and then transmits it to the hospital. From an ePHI and
HIPAA compliance viewpoint, this is a risk your business must understand and develop a protection
strategy.
As we can see, cyber security and HIPAA compliance are strongly connected. Unfortunately, being
HIPAA compliant does not make your organization safe from cybercriminals. At the same time,
having a robust cyber security program does not make you HIPAA compliant as well. Your business
needs a comprehensive HIPAA compliance and security provider to guarantee your patients' data's
genuine security.
The industry should develop a holistic strategy for healthcare security, including administrative, physical,
and technical safeguards.
Strategies for Improving Cyber Security
HIPAA rules are not enough to resist cybercrime. Looking at precisely what this law requires, it doesn't
necessarily align with cyber security best practices. Besides, healthcare organizations shouldn't see
cyber security and HIPAA compliance as separate components, but rather as two concepts working
parallel to one another. In fact, a robust cyber security program supports compliance.
To ensure cyber security in healthcare and prevent sophisticated attacks, healthcare organizations can
implement the following practices:
1. Review your current security risk analyses and identify gaps and areas for improvement. Check that
risk analysis is documented to guarantee regulatory compliance, enhancing the risk analysis's attorney-
client privilege.
Cyber Defense eMagazine – August 2020 Edition 107
Copyright © 2020, Cyber Defense Magazine. All rights reserved worldwide.