Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.
If you have been watching the news over the last few weeks, you know that cybersecurity has been a huge issue. Just in the last few weeks:
- The FBI took down a Russian botnet server that targets the Internet of Things (IoT). The Internet of Things consists of devices connected to the internet that are not computers or computer-related equipment, including but not limited to doorbell cameras, home and office security systems, IV pumps, and any other device that you can control by an app on your cell phone.
- The US and Germany took down a major server hub that sold stolen information, including stolen medical information.
- The US Government has issued warnings that Russian hackers are likely to target computers and servers that are part of the US infrastructure in response to the sanctions levied.
Medical identity theft is big business, and the health information on people in the US may be a high-value target to Russian hackers. This means your data is at much greater risk than it was just a few months ago. The HIPAA regulations require us to take all reasonable precautions to protect our data, and failing to do so is a HIPAA violation.
In addition, if you get ransomware and you pay the ransom, you may be paying money to a country or organization that has been labeled a terrorist organization, and that is a violation of the Patriot Act. Under this law, anyone who provides so-called material support to a designated terrorist organization can be prosecuted. Using this law, the Justice Department has convicted hundreds of Americans. (USA PATRIOT Act | FinCEN.gov)
This means you need to be even more vigilant in protecting your data than ever before.
One of the ways we can prevent breaches and HIPAA events, and one way we protect ourselves against fines from the federal government is to share information when we have an event, so that others do not fall victim to the same type of hack or intrusion that attacked our systems.
To assist you in that endeavor, the Cybersecurity & Infrastructure Security Agency has published a fact sheet on event reporting (Sharing Cyber Event Information With CISA: Observe, Act, Report). This guidance document lists 10 key elements to share with the government:
- Incident date and time
- Incident location
- Type of observed activity
- Detailed narrative of the event
- Number of people or systems affected
- Company/Organization name
- Point of Contact details
- Severity of event
- Critical Infrastructure Sector if known
- Anyone else you informed
We strongly advise you to download the document and keep it handy so that you can become part of the collective shield that protects all medical practices from a cybersecurity event. This is truly a case where we can help ourselves by helping others.
TLD Systems assists practices of all sizes to implement strategies that will help to avoid a cybersecurity event, with the goal of never needing to report a cybersecurity event in your practice. For more information, please contact TLD Systems.
Let the TLD Systems team be your resource to help YOU protect YOUR DATA.