HIPAA Blog

[ Tuesday, May 14, 2024 ]

 

AHA and H-ISAC Issue Black Basta Warning: The American Hospital Association and the Health Information Sharing and Analysis Center (H-ISAC) have jointly issued a warning to health systems about a Russian hacker group known as Black Basta that is specifically attacking the US health sector.  The warning comes on the heels of the Ascension cybersecurity incident that is still snarling that system's ability to provide care.

Grab a printout of your last Security Risk Assessment and look at any cyber-defenses that you are lacking; if there's anything that a hacker could exploit, fix it now (or at least put warning bells and buzzers around it.  If you can't put your hands on your last SRA, you don't have one (basically in violation of HIPAA).  You should also be (i) auditing access and data transfer flows (your staff should be accessing data and you should be moving it around -- transferring to other providers and payors, etc. -- but if people are accessing data they shouldn't, or large data files are being transferred to a Nigerian IP address at 3 am on Saturday, something's probably wrong); (ii) regularly backing up your data to serial, secure, and encrypted data backup sites that are disconnected from the internet; (iii) implementing MFA; (iv) mapping your data systems, which will allow you to close unused data ports and shut down internet access to any parts of your computing environment that don't need it;  implementing encryption where possible; (v) using firewalls and virus scanning tech; and (vi) testing your people and systems to keep your most vulnerable line of defense sharp (penetration testing from the outside in, phish testing and training from the inside out).

If you aren't taking a serious look at your cyber defenses, you'll have no one to blame but yourself if you get caught by one of these bandits.


Jeff [8:38 AM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template