10-29-20 | Blog Post
The healthcare and public health sectors are currently being warned by DHS, FBI, and HHS of imminent cybercrime, with Ryuk ransomware as the primary threat. The average Electronic Health Record (EHR) downtime resulting from a ransomware attack is 15 days, but it can get much worse; US Health Systems is reported to have required 3 weeks to get all 400 systems back online after a September 2020 ransomware attack. Similar attacks have been reported at Sky Lakes Medical Center, St. Lawrence Health System and Sonoma Valley Hospital. Sonoma Valley Hospital is an interesting study in ransomware remediation, as its website publicly declares:
"On October 11, Sonoma Valley Hospital experienced a security incident that affected computer systems and triggered a significant downtime event. Currently, the hospital is maintaining operations while computer systems are being fully restored. It has maintained the ability to care for patients using its business continuity plan."
In previous blogs we have covered the value of having a Business Continuity Plan that is updated to include today’s ever-evolving threats. Sonoma Valley Hospital’s use of an effective business continuity plan not only maintained patient care levels in an emergency, it also appears to align with HIPAA Security Rule 164.308(a)(7)(i), which regulates contingency planning and business disruption. These incidents also point to the need for HIPAA-regulated healthcare organizations and businesses to understand the advantages of, and regulations for, HIPAA compliant cloud services and to make them part of a robust business continuity plan.
While all businesses have experienced increased stress during the pandemic, none have experienced more than the healthcare and public health sectors. Add to this the 2020 mass distribution of workers, the proliferation of telemedicine and online medical services, and the unrelenting pressure on IT to expand and secure the network; together these are a prescription for significant increases in the number and types of threat vectors. It is well known that cybercriminals look for periods of disaster, which usually indicate business distraction and increased opportunity; 2020 fits those specifications perhaps better than any other year. What points should you address to minimize the threats to your business from ransomware?
Looking for HIPAA compliant hosting? Otava can help. Our cloud, disaster recovery and colocation solutions have helped covered entities and business associates alike adhere to HIPAA regulations and keep PHI secure. Download our free white paper on HIPAA compliant hosting, check out our HIPAA compliant solutions or contact us to learn more.