August 4, 2021

Volume XI, Number 216

OCR Urges Private Sector to Beef Up Ransomware Protections

Echoing other agencies in recent weeks, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) issued an alert sharing resources to address and protect institutions against the recent influx of ransomware attacks.  Resources included a White House Memo urging companies to strengthen their commitment to cybersecurity.

Similar to other recommendations we have recently written about (for example, those from NYDFS), OCR recommends that the private sector:

  1. Implement the five best practices from the President’s May 2021 Executive Order on Cybersecurity: (a) multifactor authentication, (b) early detection of cybersecurity vulnerabilities, (c) robust response to cybersecurity incidents, (d) encryption, and (e) dedicated security teams;

  2. Back up all information and data, regularly test backups, and keep the backups offline and not connected to core business systems;

  3. Update and patch operating systems, applications, firmware and other systems promptly;

  4. Test and optimize incident response plans;

  5. Run third-party checks to ensure system security; and,

  6. Segment networks to minimize damage in the event of a system compromise.

Putting it Into Practice: Though these guidelines have no binding effect, they provide timely insight into OCR’s expectations for HIPAA covered entities and business associates to protect against cyberattacks. Failure to implement the above guidance may leave companies at risk not only of ransomware attacks but also of greater scrutiny from the government in the event of a data breach.

Copyright © 2021, Sheppard Mullin Richter & Hampton LLP. National Law Review, Volume XI, Number 195

About this Author

Associate

Susan Ingargiola is an associate in the Corporate Practice Group in the firm's New York office.

Areas of Practice

Susan advises healthcare organizations, including hospitals, health systems, insurers, community health centers, health information exchange organizations, pharmaceutical and biotechnology companies, and mobile app developers on health information privacy issues, including compliance with HIPAA and state medical record confidentiality laws, as well as other compliance-related matters. She conducts regulatory diligence in connection with...

212-896-0624
Eva Schifini Corporate Attorney Sheppard Mullin Century City, CA
Associate

Eva Schifini is an associate in the Corporate Practice Group in the firm's Century City office and is a member of the firm’s Healthcare team.

Prior to joining Sheppard Mullin, she worked as a research assistant to an economist at the Leonard D. Schaeffer Center for Health Policy & Economics at University of Southern California.

310-228-2296