OCR shares guidance on preventing common cyberattacks

In its latest newsletter, the Department of Health and Human Services' Office for Civil Rights (OCR) released guidelines to help prevent common cyberattacks.

The OCR Quarter 1 Newsletter outlines necessary steps covered entities can take to keep their organization's email and data safe. Many of us in the IT community are noticing the numerous cyberattack warnings because of the situation in Ukraine.

Read on to learn recommended ways to lower your risk and how HIPAA compliant email keeps you one step ahead.

Hacking incidents of ePHI have jumped 45%

According to the newsletter, the number of electronic protected health information (ePHI) breaches caused by hacking or IT incidents jumped 45% from 2019 to 2020. In addition, hacking or IT breaches accounted for 66% of all breaches impacting 500 or more individuals in 2020. Some cyberattacks are incredibly sophisticated.

However, most are preventable or can be substantially mitigated if covered entities and business associates implement HIPAA Security Rule requirements.

Best cybersecurity practices involve your employees

Email phishing is one of the top attack vectors. Therefore, it is critical for covered entities to properly educate staff on recognizing this kind of attack and how to respond quickly with the correct steps.

The OCR newsletter emphasizes the Security Rule requirement to implement an ongoing security awareness and training program to address current cyber risks. OCR notes that management needs to be involved in the process. Executive teams and management are often the individuals regularly targeted and may have more access to PHI.

Covered entities are encouraged to test the training's effectiveness with periodic security reminders and develop creative ways to keep workforce members engaged in understanding their roles. In addition to staff education, organizations can lower the risk of phishing attacks by putting anti-phishing technologies in place.

These tools help identify and block malicious websites, suspicious attachments, and potential threats. Features in Paubox Email Suite, like the patented ExecProtect, which blocks display name spoofing emails, are helpful for any healthcare organization racing to implement better cybersecurity.

Ways to mitigate known vulnerabilities

Another common technique is exploiting known vulnerabilities, which may exist in the server, application, and other parts of the IT infrastructure. OCR explains how applying vendor patches or upgrading versions can mitigate known vulnerabilities. Covered entities are urged to update or replace legacy systems.

If this is not possible, implement additional safeguards in the meantime. OCR reminds covered entities of the Security Rule requirement to "identify potential technical vulnerabilities to the confidentiality, integrity, and availability of ePHI," including flaws in systems or incorrect configurations.

This process can be accomplished by using a vulnerability scanner, participating in an information sharing and analysis center (ISAC), or conducting penetration tests.

Steps for strengthening cybersecurity practices

Weak password rules, single-factor authentication, and lax cybersecurity measures create openings for cybercriminals. OCR stresses the importance of conducting a risk analysis to guide the implementation of authentication controls to catch vulnerabilities.

However, higher-risk situations may warrant more robust solutions, such as multi-factor authentication for remote access.

Finally, covered entities should be taking proactive steps to ensure the ongoing protection of ePHI. This includes regularly assessing the strength of existing cybersecurity practices and periodically re-evaluating safeguards in response to environmental or operational changes.

Be proactive with Paubox

With email serving as the leading avenue for cyberattacks, healthcare providers need to take extra measures to safeguard sensitive information by making more robust email security a top priority.

Paubox Email Suite enables HIPAA compliant email and automatically encrypts every outbound message by seamlessly integrating with your current email platforms, such as Google Workspace or Microsoft 365.

As a result, Paubox users don't have to spend time deciding which emails to encrypt. And most importantly, your patients receive your messages directly in their inboxes without using passwords or portals. This helps with patient compliance and keeps communication flowing between you and your patients without friction.

Paubox Email Suite's Plus and Premium plan levels include critical advanced inbound email security tools for further threat protection. For example, our patent-pending Zero Trust Email feature uses email AI to confirm an email's legitimacy.

Don't leave your organization at risk. It's easier than you think to put the leading and most robust email cybersecurity solution in place with Paubox.