HIPAA Blog

[ Tuesday, July 12, 2016 ]

OCR Issues Ransomware Guidance: While I couldn't disagree more with the assertion that ransomware attacks "usually" result in a Breach, I do applaud OCR for issuing this timely and pertinent guidance to covered entities. Clearly, regardless of the specifics of your business, you should take these steps to help prevent or minimize the impact of a ransomware attack:

Do a risk analysis and implement the recommendations it produces
Have good virus protection
Be active with patch management
Train your staff to avoid phishing attacks
Limit access to sensitive data to appropriate individuals
Limit access to sensitive data to appropriate apps and software
Limit connectivity (if a computer does not need to access the internet, cut it off)
Have good, thoughtful, and thorough data backup strategies

Also a good idea to have a security incident response plan (including a staffed incident response team) in place and ready to respond.

Jeff [12:24 PM]

Comments: Post a Comment

http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template