Cyber extortion is a crime involving an attack or threat of an attack coupled with a demand for money to avert or stop the attack. And according to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) incidents of cyber extortion have risen steadily over the past couple of years, and by many estimates, will continue to be a major source of disruption for many organizations.
Healthcare organizations are often the targets of cyber extortion attacks such as stealing sensitive data or disrupting computer services. Because of the potential threat to any healthcare organization small or large, there are activities that can help you with your efforts in combatting cyber extortion.
OCR provides the following examples of activities that should be considered by organizations to reduce the chances of being a victim of cyber extortion:
- Implementing a robust risk analysis and risk management program that identifies and addresses cyber risks holistically, throughout the entire organization;
- Implementing robust inventory and vulnerability identification processes to ensure accuracy and thoroughness of the risk analysis;
- Training employees to better identify suspicious emails and other messaging technologies that could introduce malicious software into the organization;
- Deploying proactive anti-malware solutions to identify and prevent malicious software intrusions;
- Patching systems to fix known vulnerabilities that could be exploited by attackers or malicious software;
- Hardening internal network defenses and limiting internal network access to deny or slow the lateral movement of an attacker and/or propagation of malicious software;
- Implementing and testing robust contingency and disaster recovery plans to ensure the organization is capable and ready to recover from a cyber-attack;
- Encrypting and backing up sensitive data;
- Implementing robust audit logs and reviewing such logs regularly for suspicious activity;
- Remaining vigilant for new and emerging cyber threats and vulnerabilities.
We can help
Healthcare Compliance Pros has tools in place to help your organization. For example, performing a HIPAA Virtual Walkthrough and a Security Risk Analysis (SRA) are essential activities organizations do to determine potential vulnerabilities that can be addressed as part of a corrective action plan. We can help you with these and other activities, to help you reduce the chances of being the victim of cyber extortion, and other security incidents, that could potentially be a disruption for your organization.
If you have any questions feel free to contact us today by emailsupport@hcp.mdor by phone: 855-427- 0427.