Amerihub Technologies

Ransomware, HIPAA Fines from HHS, and Your Medical Practice

Unfortunate news regarding Jackson Health, of Miami, Florida

If you are a principal Healthcare Provider, Practice Manager, or Office Manager at a Medical Practice, the prospect of fines from The Department of Health and Human Services is a constant threat, especially in the world of Ransomware and rampant Operating System and mobile device vulnerabilities.

Did your practice “Pay the Ransom” already?

“Just pay the ransom”, your Managed Service Provider or System Administrator may tell you.

If you do, be aware that criminals do not, as a class, have a great track record for honoring agreements with their victims. In fact, by “just paying the ransom” you may actually open the door to far worse breaches in the future, by self-identification (from among a possible sea of automated infections) as a real business with staff who are proven susceptible to “social engineering” and extortion.

The Department of Health and Human Services REQUIRES Covered Entities to report most data breaches, with regard to PHI (Personally Identifiable Health Information).

Even if you do “Just Pay the Ransom”, if Personally Identifiable Health Information (PHI) was compromised and/or accessed by a hacker, malicious script, or other related device, The Department of Health and Human Services imposes stern requirements for reporting such breaches, and stiff penalties for practices who fail to report the same.

Do not lose your job because of a HIPAA violation

Do not assume that “The Practice” will absorb all of the “Blame”. As you may have heard, certain things tend to roll downhill, and “Blame” is often one of them. Learn from the Mercy Health nurse in Michigan (details above) who was reportedly terminated from service at Hackley Hospital (Muskegon, Michigan), for a stated HIPAA violation, alongside other employees for similar offenses.

Source: https://krebsonsecurity.com/2019/08/ransomware-bites-dental-data-backup-firm/

Also, do not assume that your current “Backups” are a safe protection measure against Ransomware and similar breaches. As shown above, even paid professionals can drop the ball on securing backup repositories from Ransomware encryption.

And even if they do protect the backups, it may still be considered a “Reportable Event” by HHS (The Department of Health and Human Services) if PHI (Personally Identifiable Health Information) was accessed or compromised.

Email help@amerihub.com to get Ransomware protection for your medical practice.

Learn from the mistakes of other Medical Practices and Healthcare Providers. Do not be the subject of the next news story regarding fines from HHS for HIPAA violations related to filesystem and ePHI security.

Contact Amerihub today and protect your patient data: help@amerihub.com
