How do you get ahead of a ransomware attack in the healthcare delivery environment? By acting, now. A quick way to organize? Look at the 405(d) group’s work, including its recently released ransomware infographic.
The Context
The news is full of headlines concerning ransomware – malware that attacks an information system and holds its data contents for ‘ransom’ until an attacker’s (typically monetary) demands are satisfied. Just ask the leaders of cities like Atlanta and Baltimore. An organization’s data has significant value, particularly when malicious actors place their focus on it. New threats to that data arise with remarkable frequency: take, for instance, the log4j vulnerability – a potentially devastating gap just discovered this month that affects a foundational building block of code used across systems globally. Indeed, just last month President Biden issued broad policy goals to combat ransomware attacks on the global stage, including state-sponsored activities.
The Healthcare Ecosystem
Through its reliance on digital information exchange, our nation’s healthcare delivery system is not excepted. It began shifting, well before the pandemic, to more data in more places – whether through the complex management of electronic medical records, the deep dive into telemedicine or the use of mobile devices and the cloud to access patient data. As the pandemic has accelerated the pace of this change, it likewise has amplified opportunities for mischief. With the pandemic showing no sign of slowing, healthcare’s digital footprint remains a key point of vulnerability. A nonprofit organization (NGO), the Cyber Peace Institute, documented scores of attacks – often in multiples by the same actors – against healthcare institutions in 27 countries during an 18-month span of 2020-2021. The consequences of inaction, particularly among healthcare institutions charged with protecting information under the Health Insurance Portability and Accountability Act (HIPAA), can be financially (let alone, reputationally) onerous and devastating.
The 405(d) Group
Recognizing the growing cybersecurity risks in the healthcare environment, in its 2015 Federal Cybersecurity Act, Congress included language mandating a strengthened approach to cybersecurity in the healthcare and public health sectors (see, e.g., Section 405(d) of the Act). This spurred formation of the 405(d) Task Group, which is convened by the Federal Department of Health and Human Services and brings together numerous Federal government leaders alongside hundreds of private-sector healthcare and cybersecurity contributors. Together the Task Group has developed publicly facing resources, including its seminal “Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients,” a wide-ranging document touching on areas such as protections against phishing attacks, data loss and medical device protections to ensure patient safety.
405(d) Infographic
Recently the 405(d) group went live with a publicly facing portal, and in complement published a how-to infographic on ransomware defense. The guidance – geared toward healthcare practitioners as a key audience – affords practical tips to build defenses and think through policies. Elements include:
1. Before an attack:
2. During an attack:
3. Recovering:
More Tips to Stay Ahead of Ransomware – and Practice Good ‘Cyber Hygiene’
With its quick sheet the 405(d) Task Group offers a good foundation to build ransomware knowledge and response nimbleness. More tips to limit exploitable gaps include:
1. Operational
2. Technical
3. Compliance
Other areas to think about in the ransomware arena include:
These are not exhaustive tips, but a place to start.
Information Exchange – the New York Healthcare Cyber Alliance (NYHCA)
For New York State healthcare institutions strengthening their ransomware protocols and their cybersecurity posture more broadly, there is another resource to consider: the New York Healthcare Cyber Alliance. NYHCA focuses on cybersecurity at small to mid-size healthcare delivery organizations – particularly those that have been historically under-resourced around their cybersecurity readiness – to mitigate healthcare continuum cybersecurity risks and build trust in preparing for and in responding to cyber incursions. (Gabriel Oberfield is a co-chair of NYHCA.) NYHCA branches from the New York State Cyber Security Advisory Board – which has a multidisciplinary composition akin to the 405(d) Task Group providing cross-sectoral cybersecurity guidance to New York State’s executive branch.
During NYHCA’s first operational year – just coming to a close – the body convened several educational sessions, including:
During 2022, NYHCA is expected to publish a compendium of ‘quick-dial’ governmental resources (finalization pending); facilitate cybersecurity readiness assessment activity, in partnership with CISA; and build capacity for town halls and exercises to test capacities (also with CISA). Completing these exercises has the ancillary effect of helping healthcare institutions satisfy Conditions of Participation concerning emergency preparedness, requisite for Medicare and Medicaid providers. We encourage Bond clients to get involved and learn, both from their healthcare sector peers and from governmental leaders involved in the work.
DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
© Bond Schoeneck & King PLLC | Attorney Advertising