[ Tuesday, July 12, 2016 ]
OCR Issues Ransomware Guidance: While I couldn't disagree more with the assertion that ransomware attacks "usually" result in a Breach, I do applaud OCR for issuing this timely and pertinent guidance to covered entities. Clearly, regardless of the specifics of your business, you should take these steps to help prevent or minimize the impact of a ransomware attack:
- Do a risk analysis and implement the recommendations it produces
- Have good virus protection
- Be active with patch management
- Train your staff to avoid phishing attacks
- Limit access to sensitive data to appropriate individuals
- Limit access to sensitive data to appropriate apps and software
- Limit connectivity (if a computer does not need to access the internet, cut it off)
- Have good, thoughtful, and thorough data backup strategies
It's also a good idea to have a security incident response plan (including a staffed incident response team) in place and ready to respond.
Jeff [12:24 PM]