Tips for Dealing With (and Hopefully Avoiding) Ransomware: I could quibble with a lot of this article from Jones Day (for example, almost all healthcare providers will have to give notice to the individual and the government if even a single person's unsecured PHI is breached; the 500 threshold only changes when and how the government is notified, and additionally triggers media notice), but the recommendations at the end are pretty solid.

But they're missing what would be #2 on my list: review and limit your internet interconnectivity. You have to be connected, so being an island isn't really an option. But the more you can isolate your most sensitive data, whether by limiting overall connections, keeping those connections under constant watch for unusual activity, or some other strategy, the better off you'll be.
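One concrete way to put that "limit and watch" idea into practice is to write down, once, exactly which systems your PHI segment is allowed to talk to, then use that single allowlist both to generate the gateway rules that block everything else and to review connection logs for anything that slipped through. The script below is an added example of that pattern; it is not from the Jones Day article or from this post. The 10.20.0.0/24 PHI segment, the EHR and DNS server addresses, the log format, and the nftables rule wording are all assumptions made up for the illustration.

```python
import ipaddress
from dataclasses import dataclass

# Assumed (hypothetical) network segment that holds systems with PHI.
PHI_SEGMENT = ipaddress.ip_network("10.20.0.0/24")

# Assumed allowlist: the only destinations the PHI segment may reach,
# as (network, protocol, port). None means "any". Everything else is
# treated as unusual activity worth an alert.
ALLOWED = [
    (ipaddress.ip_network("10.20.0.0/24"), None, None),   # intra-segment traffic
    (ipaddress.ip_network("10.10.5.10/32"), "tcp", 443),  # hypothetical EHR app server
    (ipaddress.ip_network("10.10.9.53/32"), "udp", 53),   # hypothetical internal DNS
]


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    proto: str
    port: int
    action: str


def parse_flow(line):
    """Parse one line of the constructed log format: 'src dst proto port action'."""
    src, dst, proto, port, action = line.split()
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst),
                proto.lower(), int(port), action)


def is_allowed(flow):
    """True if the flow's destination/protocol/port matches an allowlist entry."""
    for net, proto, port in ALLOWED:
        if (flow.dst in net
                and (proto is None or proto == flow.proto)
                and (port is None or port == flow.port)):
            return True
    return False


def find_unusual(lines):
    """Return flows that left the PHI segment for a destination outside the allowlist."""
    unusual = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        flow = parse_flow(line)
        if flow.src in PHI_SEGMENT and not is_allowed(flow):
            unusual.append(flow)
    return unusual


def render_nft_rules():
    """Render the same allowlist as nftables rules for a segment gateway:
    allowed flows are accepted, anything else from the PHI segment is logged
    and dropped. Rule wording is an assumption for illustration."""
    rules = []
    for net, proto, port in ALLOWED:
        match = f"ip saddr {PHI_SEGMENT} ip daddr {net}"
        if proto is not None:
            match += f" {proto} dport {port}"
        rules.append(f"{match} accept")
    rules.append(f'ip saddr {PHI_SEGMENT} log prefix "phi-egress-denied " drop')
    return rules


# Constructed sample log: src dst proto port action
SAMPLE_LOG = """\
# constructed sample, not real traffic
10.20.0.15 10.10.5.10 tcp 443 ACCEPT
10.20.0.15 10.10.9.53 udp 53 ACCEPT
10.20.0.22 10.20.0.15 tcp 445 ACCEPT
10.20.0.22 198.51.100.7 tcp 443 ACCEPT
10.20.0.31 10.10.5.10 tcp 22 ACCEPT
10.30.0.5 198.51.100.7 tcp 443 ACCEPT
"""

if __name__ == "__main__":
    print("# gateway rules generated from the allowlist")
    for rule in render_nft_rules():
        print(rule)
    print("# review of the sample log")
    for f in find_unusual(SAMPLE_LOG.splitlines()):
        print(f"ALERT: {f.src} -> {f.dst}:{f.port}/{f.proto} ({f.action}) outside allowlist")
```

Run against the sample log, this flags two flows: a PHI host talking directly to an internet address, and a PHI host reaching the EHR server on port 22 instead of 443. The host in 10.30.0.0/24 is ignored because it is not in the protected segment. Keeping the allowlist in one place means the blocking rules and the monitoring never drift apart, which is the failure mode that usually lets "unusual activity" go unnoticed.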

Add on filters, firewalls, and good virus protection programs (consider running more than one virus protection program to get a best-of-breed combination). Train your staff, including by testing them occasionally, so they'll know how to avoid phishing attacks. And definitely have an incident response team locked and loaded. Bad things are going to happen, and you should already know the answers to the questions "What do I do now?" and "Who do I call?"

