By now, you may have heard about the global ransomware attacks affecting health care and other organizations throughout the world, in particular the United Kingdom, but also in the United States. The ransomware variant, called “Wanna Decryption” or “WannaCry,” works like any other ransomware: once it is inadvertently installed, it locks up the organization’s data until a ransom is paid. Here are some quick facts about the WannaCry attack and suggestions for avoiding it.
Last week, the HHS Office of Civil Rights (OCR) released two reports required by the Health Information Technology for Economic and Clinical Health (HITECH) Act: (i) the Annual Report to Congress on Breaches of Unsecured Protected Information (Breach Report); and (ii) the Annual Report to Congress on HIPAA Privacy, Security, and Breach Notification Rule Compliance (Compliance Report). In reviewing the Breach and Compliance Reports, Chief Information Officers, compliance and privacy officers, and information security professionals in the health care field should note five key lessons.
On March 28, 2014, the Office of Civil Rights (OCR) announced the release of an online and iPad app-based security risk assessment (SRA) tool. The tool is intended to help health care providers in small- to medium-sized offices conduct and document risk assessments of their organizations and meet their compliance obligations under the Health Insurance Portability and Accountability Act (HIPAA) Security Rule. The SRA tool is a self-contained application that runs natively on Windows desktop and laptop computers or on Apple’s iOS for iPad. OCR has imposed penalties based on a provider’s failure to properly perform a risk assessment compliant with the Security Rule’s standards, as we profiled in a recent post. The release of the tool further signals OCR’s increased focus on the preventive measures that covered entities and business associates must undertake to demonstrate awareness of and adherence to HIPAA’s requirements.