About Us
TechTarget’s Jill McKeon reported that the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) recently settled ransomware investigations involving two medical providers, in which the OCR issued civil monetary penalties totaling $490,000 for failing to fully comply with the HIPAA Security Rule by regularly and persistently maintaining malware prevention services.
The fact that neither case involved the most common source of data loss, insider-enabled disclosures, highlights the substantial cost of security complacency when it comes to detecting and mitigating ransomware before damage occurs.
Held to an even more stringent standard than PII (Personally Identifiable Information), PHI (Personal Health Information) is a prime target for threat actors, and losing control carries significant and long-reaching monetary and reputational consequences. Compliance with the Security Rule is best achieved through persistent and real-time prevention measures to detect and mitigate the impact of malicious software that could compromise the security of electronic PHI (ePHI).
Continuous monitoring and rapid response are the cornerstones of preventing ransomware attacks that often lead to disclosures. When such confidential data is stored across multiple cloud platforms and other storage repositories, maintaining control and active prevention measures requires substantial work. CSS’s cloud-based malware detection service simplifies the process by running natively across multiple cloud platforms, providing constant monitoring and enabling rapid responses through active functions that detect malware, isolate infected files, remove malware, scan backups for infections, and support the restoration of ePHI.
Failure to comply with standards and best practices is clearly not going to be tolerated in the healthcare sector – and can be equally damaging in nearly every market sector. Enterprises need to embrace new protective and preventative measures to stay ahead of the growing strength and sophistication of ransomware attacks. If doing it in real time with automated responses are not boardroom topics today, they should be.
Share:
.svg)