Ransomware Attack is HIPAA Breach: 5 Steps To Protect Your PHI

5 Steps To Protect Your PHI From Ransomware

With the rise in ransomware attacks targeting healthcare organizations, the U.S. Department of Health and Human Services (HHS) has issued a guidance document that explains the basics of ransomware, what organizations should do in the event of data breach, and how to contain the attack from stealing sensitive patient data.

The Ransomware and HIPAA guidelines released on July 11, 2016, categorize ransomware attacks as a data breach of the Health Insurance Portability and Accountability Act (HIPAA). According to the American Medical Association, penalties for HIPAA violations can total up to $1.5 million per year, depending on the severity.

HHS GUIDANCE

HOW CAN DIGITAL GUARDIAN HELP?

1. Conduct Risk Analysis

“Implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing  security measures to mitigate or remediate those identified risks”

Data Loss Prevention (DLP) is a security measure critical to protecting sensitive data. Fortra™’s Digital Guardian® ’s DLP solution provides a number of mechanisms to analyze risks to PHI per the HIPAA Security Rule and limit PHI access to the “Minimum Necessary”.

  • Deep visibility into PHI stored on laptops, workstations, and servers that are unencrypted
  • Measure PHI being emailed out of your organization
  • Detect PHI being transferred out of your organization in unencrypted FTP
  • Audit PHI being copied to USB devices or burned to CDs or DVDs
  • Track and control PHI in, or being uploaded to, the cloud

2. Protect Against Advanced Threats

“Implementing procedures to guard against and detect malicious software”

With proper protocols and tools in place, you can spot and contain breaches before sensitive data gets out.

  • Digital Guardian’s Advanced Threat Protection takes a data-centric approach to advanced threat detection, incident response and prevention that ensures data is secured at all times.

3. Train Users

“Training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections”

Users can be trained to notify IT in real-time and help stop the attack in progress

  • Digital Guardian’s Advanced Threat Protection solution detects in real-time, behaviors indicative of advanced threat attacks targeting your systems, users and data.
  • The solution allows you to set rules to alert the user (via prompts) when their system is under attack.

4. Plan Incident Response and Recovery

“The HIPAA Security Rule requires covered entities and business associates to implement policies and procedures that can assist an entity in responding to and recovering from a ransomware attack”

Having an incident response plan will guide you on how to respond to such attacks.

  • Carefully crafted cyber security incident response plans provide a formal, coordinated approach for responding to security incidents affecting sensitive patient data.
  • Digital Guardian’s e-book, the Incident Responder’s Field Guide, provides easy-to-follow steps for crafting an incident response plan in the event of cyber security attacks.

5. Implement Access Controls

“Implementing access controls to limit access to ePHI to only those persons or software programs requiring access”

Digital Guardian takes a ‘data-centric’ approach to safeguarding sensitive data.

  • Our DLP solution allows you to create automated, policy-based controls over how users interact with sensitive data. It applies automatic, content aware and context-aware controls to assure usage meets data protection policies.
  • As a result, users can access the tools and information they need, but sensitive data always remains safe.

How Does Digital Guardian Stop Ransomware?

Text

Digital Guardian’s Data Loss Prevention (DLP) armed with Advanced Threat Protection (ATP) provides strong layers of defense against ransomware. Our Advanced Threat Protection uses a combination of threat intelligence and attack sequencing to detect behaviors indicative of ransomware, then isolates ransomware before it can encrypt anything. This solution is offered as fully managed services, so that the healthcare organizations can focus on its core business of offering high quality patient care and leave the worries of data loss and advanced threats to our security experts.

LEARN MORE

 

Why Digital Guardian For Ransomware Protection?

1. SOLUTIONS TAILORED TO YOUR NEEDS

Choose our Advanced Threat Protection managed service or our turnkey on premises Application Whitelisting depending on your needs and budget

2. DEDICATED TEAM OF THREAT EXPERTS

Digital Guardian’s team of cyber threat experts identifies suspicious activities across the enterprise. Daily research of new threats combined with our capabilities for advanced rules, machine learning and behavioral analysis provide actionable information to stop the ever evolving ransomware attacks.

3. BROADEST PROTECTION COVERAGE

Digital Guardian’s Advanced Threat Protection service offers the industry’s broadest protection coverage, including Microsoft Windows, Apple OS X and Linux endpoints, recognizing both structured and unstructured files running on multiple systems.

4. EASY TO DEPLOY

Digital Guardian’s solutions for ransomware protection are easy to deploy and manage. The whitelisting agents install in minutes and begin protecting endpoint systems immediately. The Advanced Threat Protection leverages our data security experts to manage roll out and ongoing operations. As an extension of your team, we’ll expertly develop, deploy, and manage all of your policies enterprise-wide as if they were our own.

See how Digital Guardian can protect your organization’s sensitive data and critical assets.

SCHEDULE A DEMO