HHS Offers Guidance for Healthcare Companies to Improve Their Cyber Posture

The HHS Health Sector Cybersecurity Coordination Center (HC3) has issued guidance to help healthcare companies strengthen their cyber posture. Cyber posture refers to the overall strength of a company's cybersecurity, its practices for anticipating and preventing cyber threats, and its ability to keep operating while responding to them.

To comply with the HIPAA Security Rule, companies must implement safeguards to protect the confidentiality, integrity, and availability of electronic protected health information (ePHI), and reduce risks to a low and acceptable level.

Technical safeguards are necessary to keep ePHI secure and private, and to ensure that ePHI can be recovered after a damaging cyberattack. A strong cybersecurity program can reduce the harm caused by an attack, prevent the theft of sensitive data such as ePHI and intellectual property, limit the potential for misuse of patient information, and help improve customer trust.

HC3 outlines a number of steps that can be taken to improve cyber posture, such as performing regular security posture assessments, continuously monitoring networks and software for vulnerabilities, identifying which departments have problems and assigning managers to specific issues, routinely analyzing gaps in security controls, defining key security metrics, and creating incident response and disaster recovery plans.

HC3 also recommends adopting the cybersecurity practices described in CISA Insights for preventing cyber threats. These guidelines can help reduce the likelihood of a damaging cyber intrusion, help companies quickly detect attacks in progress, speed up an effective breach response, and increase the company's resilience to damaging cyberattacks.

HC3 draws attention to the security risk analysis, an element of HIPAA Security Rule compliance that continues to be a problem for many healthcare companies. The security risk assessment involves identifying threat sources, threat events, and vulnerabilities, determining the likelihood of exploitation and the potential impact, and calculating risk as a combination of likelihood and impact.

Healthcare companies can then use the information provided by the risk analysis to prioritize risk management. The Office for Civil Rights has recently released a new version of its Security Risk Assessment program to help small- and medium-sized healthcare companies conduct their security risk analysis.