HB Ad Slot
HB Mobile Ad Slot
OCR Urges Private Sector to Beef Up Ransomware Protections
Wednesday, July 14, 2021

Echoing other agencies in recent weeks, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued an alert sharing resources to address and protect institutions against the recent influx of ransomware attacks.  Resources included a White House Memo urging companies to strengthen their commitment to cybersecurity.

Similar to other recommendations we have recently written about (for example those from NYDFS), OCR recommends that the private sector:

  1. Implement the five best practices from the President’s May 2021 Executive Order on Cybersecurity: (a) multifactor authentication, (b) early detection of cybersecurity vulnerabilities, (c) robust response to cybersecurity incidents, (d) encryption, and (e) dedicated security teams;

  2. Back up all information and data, regularly test backups, and keep the backups offline and not connected to core business systems;

  3. Update and patch operating systems, applications, firmware and other systems promptly;

  4. Test and optimize incident response plans;

  5. Run third-party checks to ensure system security; and,

  6. Segment networks to minimize damage in the event of a system compromise.

Putting it Into Practice:  Though these guidelines have no binding effect, they provide timely insight into OCR’s expectations for HIPAA covered entities and business associates to protect against cyberattacks.  Failure to implement the above guidance may leave companies at risk not only to ransomware attacks but also greater scrutiny from the government in the event of a data breach.

HTML Embed Code
HB Ad Slot
HB Ad Slot
HB Mobile Ad Slot
HB Ad Slot
HB Mobile Ad Slot
 
NLR Logo
We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins