HIPAA Tip: Steps to Ward off Ransomware Attacks

December 13, 2022

Ransomware is a type of malware that blocks access to a system, device, or file until a ransom is paid. This is done by encrypting files on the endpoint, threatening to erase files, or blocking system access.

Center for Internet Security or CIS has: 7 Steps to Help Prevent & Limit the Impact of Ransomware

1. Maintain backups – thoughtfully. Backups for all important data need to be in multiple locations, either onsite and offsite, and at least stored so they cannot be targeted by attackers.

2. Develop plans and policies. An incident response plan needs to be created so all members involved including IT know what to do during a ransomware attack/event. Staff members need to be trained in security awareness, especially regarding suspicious (phishing) emails.

3. Review port settings. Organizations need to consider and review any open ports to the network and limit connections to only trusted hosts. Review remote access regularly.

4. Harden your endpoints. Secure configuration settings can help limit an organization’s threat surface and close security gaps left over from default configurations.

5. Keep systems up-to-date. Make sure all of the organization’s operating systems, applications and software are updated regularly, having the latest security patches.

6. Train the team. Security awareness training can teach members what to look for in malicious emails and can be one of your best defenses when it comes to ransomware attacks, and how to spot unusual activity/issues.

7. Implement an IDS. An Intrusion Detection System (IDS) looks for malicious activity by comparing network traffic logs to signatures that detect known malicious activity.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). ANATOMY_IT. can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.

Posted in blog, Healthcare IT, HIPAA Tip Tuesday, ransomware