One year into the coronavirus (COVID-19) pandemic, phishing attacks against healthcare organizations remain a chief concern. Threat actors are constantly finding new vulnerabilities to exploit. It’s like a game of whack-a-mole: When healthcare organizations swat away one problem, another pops up.
As ransomware attacks and phishing attempts persist in the age of the coronavirus (COVID-19), healthcare organizations have correctly poured many resources into combatting these attacks. However, as always, cybercriminals are finding new ways to access protected health information (PHI).
Cybercrime is up in the healthcare industry, and it’s a good idea to make sure you’re ready to respond to cyber incidents. The key to speedy mitigation is to have a security incident response plan, test the plan, and make sure it works as you exercise it. Having a plan is also a HIPAA Security Rule requirement.
Q: Is it considered a HIPAA violation for facilities to keep patient charts outside of exam rooms or at a patient's bedside? Most providers prefer to have the charts handy to review just before seeing the patient. However, anyone could walk by the room and potentially get a glance at the information. Would this be considered an incidental disclosure?