Upcoming Webinars

Site Updates

Disclaimer

The analysis of any legal or medical billing is dependent on numerous specific facts — including the factual situations present related to the patients, the practice, the professionals and the medical services and advice. Additionally, laws and regulations and insurance and payer policies are subject to change. The information that has been accurate previously can be particularly dependent on changes in time or circumstances. The information contained in this web site is intended as general information only. It is not intended to serve as medical, health, legal or financial advice or as a substitute for professional advice of a medical coding professional, healthcare consultant, physician or medical professional, legal counsel, accountant or financial advisor. If you have a question about a specific matter, you should contact a professional advisor directly. CPT copyright American Medical Association. All rights reserved. CPT is a registered trademark of the American Medical Association.

Menu
Log in
Forgot password


Search
Log in
Forgot password

Improving the Cybersecurity Posture of Healthcare in 2022

28 Feb 2022 9:56 AM | Zachary Edgar (Administrator)

Cyberattacks grabbed headlines throughout 2021 as hacking and IT incidents affected government agencies, major companies, and even supply chains for essential goods, like gasoline.  For healthcare, this year was even more turbulent as cybercriminals took advantage of hospitals and healthcare systems responding to the Covid-19 pandemic.  More than one health care provider was forced to cancel surgeries, radiology exams, and other services, because their systems, software, and/or networks had been disabled. And at the end of December, a critical vulnerability in a widely used Java-based software known as “Log4j” grabbed headlines with warnings about the potential risks this security flaw could pose for organizations of all sizes.  Such unpatched vulnerabilities give hackers easy access to an organization’s computer server, and possible entry into other parts of a network. These reports underscore why it is so important for health care to be vigilant in their approach to cybersecurity. With these risks in mind, I would like to call on covered entities and business associates to strengthen your organization’s cyber posture in 2022.

All too often, we see that risk analyses only cover the electronic health record.  I cannot underscore enough the importance of enterprise-wide risk analysis.  Risk management strategies need to be comprehensive in scope.  You should fully understand where all electronic protected health information (ePHI) exists across your organization – from software, to connected devices, legacy systems, and elsewhere across your network.

If you haven’t looked at your risk management policies and procedures recently to prevent or mitigate these concerns, now is the time to do so.  Some best practices include:

  • Maintaining offline, encrypted backups of data and regularly test your backups;
  • Conducting regular scans to identify and address vulnerabilities, especially those on internet-facing devices, to limit the attack surface;
  • Regular patches and updates of software and Operating Systems; and
  • Training your employees regarding phishing and other common IT attacks.

Good cyber hygiene habits help keep your network healthy and protect the ePHI on your systems.  OCR is here to help with guidance and resources:


About Us

Therapy Comply is a healthcare compliance firm that seeks to bring high quality web-based compliance guidance and one-on-one consulting services to small and medium size physical, occupational, and speech therapy practices.

Learn More 

Join Us

Join today as either a monthly or a yearly member and enjoy full access to the site and a significant discount to our live and recorded webinars.  Members also have access to compliance and billing support.

Join Today 

Find Us


Powered by Wild Apricot Membership Software