(Jan. 17, 2022)–A Special Message from OC Reilly:  This week, we were left feeling especially vulnerable after a cybersecurity breach occurred in our own system. Fortunately, our team reacted quickly to minimize the potential risk. That’s when the phrase, “it can happen to anyone,” really hit home.  That said, we strive to be Firm, Fair and Aggressive in our approach to all aspects of our organization, and we need to do better!  We are simultaneously patching our own potential weaknesses and accelerating the development of sound and effective solutions for our customers. Look for an update soon.  In the meantime, here is some insight by one of our trusted tech advisors.

By Paul Sikora, Guest Columnist

(Jan. 17, 2022)–The U.S. Department of Health and Human Services recently released updated an extremely useful set of cybersecurity best practices, covering everything from the small physician practice to the largest health systems. 

Savvy healthcare executives, including Chief Information Officers, should use this guide to ensure that any technology and/or vendor solutions now in place also includes specifics to address the guidelines and recommendation in this HHS update. As a former healthcare Chief Information Officer and Chief Technology Officer I can vouch for their veracity and applicability. 

The HHS 405(d) Aligning Health Care Industry Security Approaches Program offers healthcare providers and public health officials updated information on cybersecurity, patient safety resources, and best practices.  The 405(d) program is the product of a congressional mandate under the Cybersecurity Act of 2015.  Section 405(d) HHS created the Cybersecurity Act Task Group to strengthen cybersecurity efforts within the healthcare and public health sectors.  

The Cybersecurity Act Task Group worked with more than 150 public and private industry players to launch the website and create content aiming to help the healthcare industry combat cybersecurity threats.  The 405(d) Program and Task Group is a collaborative effort between industry and the federal government, which aims to raise awareness, provide vetted cybersecurity practices, and move organizations towards consistency in mitigating the current most pertinent cybersecurity threats to the sector.

 Why is this so important?  Because of these troubling statistics, any one of which can greatly jeopardize a health system’s integrity and bottom line:

·       On their first day, new employees at small organizations have instant access to more than 11,000 exposed files, nearly half of which contain sensitive data.

·       About two-thirds of organizations have 500 or more accounts with passwords that never expire.

·       Organizations that willfully neglect HIPAA rules and make no effort to protect sensitive patient data may be fined up to $1.5 million per year.

·       The average cost of a data breach in the healthcare sector was $7.13 million in 2020.

Cybersecurity must remain a high priority for healthcare providers.  The federal HHS has information to help achieve this key operational and financial goal.  To learn more about all products and resources available to stakeholders, visit https://405d.hhs.gov/public/navigation/home

 © 2022 OC Reilly, Inc.