How to Improve Healthcare Cybersecurity and HIPAA Compliance

TechRounder PDF Edition

Live article: https://www.techrounder.com/security/few-tips-to-defend-against-cybersecurity-attacks-with-hipaa-compliance/

By Vipin PG | Published November 25, 2022 | Updated March 24, 2026 | Format: Guide | 8 min read

Quick answer

Protecting patient data under HIPAA requires moving beyond basic checklists to focus on active risk management. You can secure your environment by conducting deep risk analyses, enforcing multi-factor authentication (MFA), and maintaining a disciplined patching schedule.

There's no such thing as a quiet day in healthcare IT anymore. Between phishing, ransomware, and unmanaged devices on your network, the environment where patient data lives is under constant pressure. This is exactly why HIPAA still matters. It isn't a magic shield that stops every attack, but the Security Rule gives you a realistic framework to stop a bad day from turning into a full-scale reportable breach.

When you use it correctly, HIPAA points you toward the controls that actually matter. These include risk analysis, strict access limits, better authentication, and solid audit logging. It's about workforce training, keeping up with patches, and having an incident response plan that actually works. HHS continues to provide Security Rule guidance to address these headaches. The 2023 HICP healthcare practices documents also help align these safeguards with the threats teams see on the ground today.

The stakes aren't just theoretical. If you look at OCR's recent enforcement actions, they hit the same weak spots: poor risk analysis, messy access management, and systems that should have been updated years ago. Fundamentals are what break first. This is why HIPAA compliance can help protect your patients and your reputation. If you take it seriously, you're lowering your operational risk. If you treat it as a checkbox, it's just paperwork that won't help when an attacker gets inside.

How do you perform a real HIPAA risk analysis?

If one thing separates a serious security program from one that's just for show, it's the risk analysis. HIPAA requires a deep, accurate look at the vulnerabilities facing your ePHI. HHS emphasizes this because far too many organizations treat it like a "one and done" form they fill out once a year. A better way to handle it is to use formal risk analysis guidance to map out where your data lives, who touches it, and what happens if a system goes dark.

This process is where you find the stuff attackers love: flat networks where anyone can go anywhere, "stale" admin accounts from former employees, and cloud tools used without IT's knowledge. OCR has been blunt about this in audits. Most organizations they checked failed to properly implement risk management. That should be a wake-up call for everyone in the sector.

A good risk analysis shouldn't feel abstract. It needs to name specific systems, threat scenarios, and who is responsible for fixing things by a certain date. If your team can't explain your biggest risks in plain English, you aren't finished yet.

TechRounder | Page 1 of 4 | https://www.techrounder.com/pdf/blog/few-tips-to-defend-against-cybersecurity-attacks-with-hipaa-compliance.pdf

What are the best ways to harden healthcare IT systems?

Modern system hardening is about more than just updating a few apps. You need to secure every surface an attacker might touch, especially VPNs, remote support tools, and email clients. In their January 2026 newsletter, HHS pointed out that unpatched software is a direct risk to the availability of patient data. It must be part of your risk analysis.

Attackers don't usually need fancy "zero-day" exploits if your environment is full of old, neglected software. A disciplined patching routine is actually more valuable than almost any expensive security product. Use your own asset inventory and the CISA KEV vulnerability catalog to figure out which flaws are being actively used by hackers and fix those first.

This logic applies to your endpoints too. If you aren't using a piece of software, get it off the machine. Limit local admin rights so a single mistake doesn't compromise the whole box. In healthcare, we often trade security for convenience, but that expands your attack surface until it's unmanageable. You have to push back on that trend.

How should healthcare organizations handle authentication and access?

HIPAA says your authentication has to be appropriate for the risk. In 2026, a simple username and password just doesn't cut it. HHS has issued specific guidance on this, and CISA is very clear about the necessity of multifactor authentication. Whether it's email, your EHR, or a third-party portal, MFA should be the standard across the board.

This is also where "least privilege" comes into play. People should only see the data they actually need to do their jobs. We need to get better at disabling old accounts quickly and ending the habit of shared logins. Your staff still need to protect your data with much better account hygiene than they might use for personal social media.
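The account-hygiene review described above, as an added example rather than TechRounder's own code: it walks an account export and flags exactly the problems the article names (enabled accounts of former staff, admins and users without MFA, shared logins, accounts nobody has used in 90 days). The export format, the sample rows and the 90-day threshold are assumptions, not any real identity product's schema.

```python
"""Account-hygiene review for a HIPAA access-control check (added example).
Every row below is constructed; the column layout is a hypothetical join of
an identity-provider export with HR employment status."""
from dataclasses import dataclass
from datetime import date, timedelta

# Constructed sample export. "owners" > 1 marks a shared login;
# last_login None means the account has never been used.
SAMPLE_ACCOUNTS = [
    {"user": "dr.patel", "enabled": True, "employed": True, "admin": False,
     "mfa": True, "last_login": "2026-03-20", "owners": 1},
    {"user": "j.smith", "enabled": True, "employed": False, "admin": True,
     "mfa": False, "last_login": "2025-11-02", "owners": 1},
    {"user": "lobby-kiosk", "enabled": True, "employed": True, "admin": False,
     "mfa": False, "last_login": "2026-03-23", "owners": 4},
    {"user": "svc-backup", "enabled": True, "employed": True, "admin": True,
     "mfa": True, "last_login": "2025-10-01", "owners": 1},
    {"user": "old-intern", "enabled": False, "employed": False, "admin": False,
     "mfa": False, "last_login": None, "owners": 1},
]


@dataclass
class Finding:
    user: str
    issue: str
    severity: str  # "high" or "medium"


def review_accounts(accounts, today_iso: str, stale_days: int = 90):
    """Return findings ordered high -> medium, then by user name.

    A disabled account belonging to a former employee is the correct end
    state and produces no finding; everything else is checked in turn."""
    today = date.fromisoformat(today_iso)
    cutoff = today - timedelta(days=stale_days)
    findings = []
    for a in accounts:
        if not a["enabled"]:
            continue  # already disabled: nothing left to fix
        if not a["employed"]:
            findings.append(Finding(a["user"], "enabled account for former employee", "high"))
        if a["admin"] and not a["mfa"]:
            findings.append(Finding(a["user"], "admin account without MFA", "high"))
        elif not a["mfa"]:
            findings.append(Finding(a["user"], "account without MFA", "medium"))
        if a["owners"] > 1:
            findings.append(Finding(a["user"], f"shared login ({a['owners']} users)", "medium"))
        last = a["last_login"]
        if last is None or date.fromisoformat(last) < cutoff:
            findings.append(Finding(a["user"], f"no login in {stale_days} days", "medium"))
    rank = {"high": 0, "medium": 1}
    return sorted(findings, key=lambda f: (rank[f.severity], f.user))


if __name__ == "__main__":
    for f in review_accounts(SAMPLE_ACCOUNTS, "2026-03-24"):
        print(f"{f.severity:6} {f.user:14} {f.issue}")
```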
Attackers love "over-provisioned" environments because one compromised account can grant access to everything. By limiting that access, you're essentially shrinking the "blast radius" of any single breach. Every user should have the minimum access necessary for their specific role.

Why is a fast patching process critical for HIPAA compliance?

Keeping your network updated is still one of the most effective things you can do, but patching has to be smart. You can't just update everything once a month and hope for the best. An internet-facing device might get hit in that three-week window before your next update. You need to know which systems are critical and which ones are exposed to the web.

- Identify Critical Systems: Document every system that handles ePHI and prioritize updates for internet-facing assets.
- Manage Legacy Software: For systems that are hard to patch, use network segmentation or extra monitoring to lower the risk.
- Follow HHS Goals: Use the voluntary healthcare cybersecurity goals to turn vague advice into actual expectations.
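The inventory-plus-KEV prioritization that the list above and the hardening section describe, as an added example that is not TechRounder's code: it joins a constructed asset inventory against a KEV-style catalog snapshot and ranks every open flaw by exploitation evidence, internet exposure and ePHI, routing unpatchable legacy systems to compensating controls with a documented exception. The snapshot reuses the field names of CISA's KEV JSON feed (cveID, dueDate, knownRansomwareCampaignUse), but the CVE IDs, hosts, dates and the internal patch windows are assumed placeholders.

```python
"""KEV-driven patch prioritization (added example, not the article's code).
Field names mirror CISA's KEV JSON feed; every value is a constructed
placeholder, and the non-KEV windows are an assumed internal policy."""
import json
from datetime import date, timedelta

# Constructed KEV-style snapshot. CVE-0000-* are placeholders, not real IDs.
KEV_JSON = json.dumps({"vulnerabilities": [
    {"cveID": "CVE-0000-0001", "dueDate": "2026-04-01", "knownRansomwareCampaignUse": "Known"},
    {"cveID": "CVE-0000-0002", "dueDate": "2026-03-01", "knownRansomwareCampaignUse": "Unknown"},
]})

# Constructed inventory: open CVEs per host as a scanner would report them.
# patchable=False marks legacy gear that can only be segmented and monitored.
INVENTORY = [
    {"host": "vpn-gw", "ephi": True, "internet_facing": True, "patchable": True,
     "open_cves": ["CVE-0000-0001", "CVE-0000-0009"]},
    {"host": "ehr-app", "ephi": True, "internet_facing": False, "patchable": True,
     "open_cves": ["CVE-0000-0002"]},
    {"host": "imaging-legacy", "ephi": True, "internet_facing": False, "patchable": False,
     "open_cves": ["CVE-0000-0001"]},
    {"host": "lobby-signage", "ephi": False, "internet_facing": False, "patchable": True,
     "open_cves": ["CVE-0000-0009"]},
]

# Assumed internal remediation windows (days) for flaws not listed in KEV.
DEFAULT_WINDOW = {"internet_facing": 7, "ephi": 14, "other": 30}


def load_kev(kev_json: str) -> dict:
    """Index the KEV feed by CVE ID so the join below is a dictionary lookup."""
    return {v["cveID"]: v for v in json.loads(kev_json)["vulnerabilities"]}


def prioritize(inventory, kev, today_iso: str):
    """Return (host, cve, score, due_date, action) rows, highest score first.

    Score: in KEV +40, ransomware-linked +20, internet-facing +20, handles
    ePHI +10, already past its due date +5. Due date comes from KEV when the
    flaw is listed, otherwise from the internal window for that asset class."""
    today = date.fromisoformat(today_iso)
    rows = []
    for asset in inventory:
        for cve in asset["open_cves"]:
            entry = kev.get(cve)
            score = 0
            if entry:
                score += 40
                if entry.get("knownRansomwareCampaignUse") == "Known":
                    score += 20
                due = date.fromisoformat(entry["dueDate"])
            else:
                cls = ("internet_facing" if asset["internet_facing"]
                       else "ephi" if asset["ephi"] else "other")
                due = today + timedelta(days=DEFAULT_WINDOW[cls])
            score += 20 if asset["internet_facing"] else 0
            score += 10 if asset["ephi"] else 0
            if due < today:
                score += 5  # overdue work jumps ahead of equal-risk peers
            action = "patch" if asset["patchable"] else "segment + monitor (document exception)"
            rows.append((asset["host"], cve, score, due.isoformat(), action))
    return sorted(rows, key=lambda r: (-r[2], r[3], r[0]))


if __name__ == "__main__":
    for host, cve, score, due, action in prioritize(INVENTORY, load_kev(KEV_JSON), "2026-03-24"):
        print(f"{score:3} {host:15} {cve:14} due {due}  {action}")
```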
The law doesn't expect you to be perfect, but it does expect a process you can defend. If a system stays vulnerable, you should be able to explain why and what you're doing to protect it in the meantime. Consistent patching is still one of the best ways to prevent common cybersecurity attacks. It's all about speed and prioritization.

What are the requirements for passwords and encryption under HIPAA?

Passwords aren't going away, but they shouldn't be your only line of defense. Use a password manager, block the use of simple or reused passwords, and remove any default credentials that came with your hardware. That is the bare minimum for any modern healthcare organization.

Then there's encryption. A lot of people get confused because HIPAA calls encryption "addressable" rather than strictly mandatory. However, encrypting data at rest and in transit is one of the smartest things you can do for your peace of mind. It makes breaches much less damaging and simplifies your legal defense if something goes wrong. HHS is very clear that if you're sending data over an open network, it needs protection.

This means you need to look at laptops, phones, backups, and even how people send files. If staff are texting patient info through unapproved apps or moving data to personal thumb drives, you have a major problem. Those small habits are often how the biggest breaches start.

How can you monitor endpoints and backups to prevent data loss?

Laptops and workstations are still the easiest way into your network. Whether it's a doctor's laptop or a workstation in a shared lobby, these are often the "first hop" for an attacker. Old-school antivirus isn't going to cut it anymore. You need endpoint monitoring that can spot weird behavior and alert you before it spreads.

HIPAA also requires you to have a plan for security incidents, which becomes life-or-death when ransomware is involved. The HHS ransomware and HIPAA guidance is worth a read because it connects your prevention efforts directly to your breach reporting duties. Your backups should be isolated from the main network and regularly tested.

If you say you can recover from a disaster but you've never actually tried it, you're in for a rough surprise. By keeping a constant eye on your endpoints, you can better defend against common cybersecurity attacks before they move laterally into your patient-facing systems.

How do you turn healthcare staff into a security defense?

Most breaches don't look like a scene from a hacker movie. They start with a regular person clicking a link they shouldn't or getting tricked into giving up a password. That's why training is a security control, not just a boring HR task to get through once a year. Attackers are hacking people, not just code.

HHS guidance from October 2024 makes it clear that your training needs to cover modern threats:

- Phishing Awareness: Helping staff spot sophisticated emails that look like official requests.
- MFA Fatigue: Teaching staff not to click "approve" on notifications they didn't trigger.
- Help-Desk Scams: Training employees to verify the identity of anyone asking for "urgent" server access.

If everyone from the CEO to the front-desk staff is watching the same generic five-minute video, your training is too thin. The best organizations use real-world scenarios. When staff understand the "why" behind the rules, they become your best defense rather than your biggest risk.

At the end of the day, HIPAA isn't a replacement for a security program; it's the foundation. The organizations that handle this well aren't just "compliant." They are the ones that know where their data is, keep their systems locked down, patch their vulnerabilities, and actually practice what to do when things go wrong. Start with that risk analysis and don't stop there. Strengthen your logins, watch your endpoints, and treat your staff like the vital part of the defense they are.

Frequently Asked Questions

Is encryption mandatory under the HIPAA Security Rule?

HIPAA classifies encryption as an "addressable" standard, meaning you must implement it if it is a reasonable and appropriate safeguard for your environment. If you choose not to encrypt, you must document why and implement an equivalent alternative to protect ePHI. In practice, encryption is considered a standard best practice for securing data at rest and in transit.

How often should a HIPAA risk analysis be performed?

While HIPAA doesn't set a specific calendar deadline, the law requires you to conduct risk analyses frequently enough to account for changes in your environment. Most experts recommend an annual review or whenever you implement new technology, experience a security incident, or change your business workflow.

What is the most common cause of HIPAA security breaches?

Many breaches result from basic security failures like phishing, unpatched software, or the loss of unencrypted devices. Recent enforcement actions from the OCR show that a failure to conduct a thorough risk analysis is often the underlying reason why these technical vulnerabilities exist in the first place.

Does HIPAA require multi-factor authentication (MFA)?

HIPAA requires organizations to implement "person or entity authentication" to verify that someone seeking access to ePHI is who they claim to be. While the word "MFA" isn't in the original text, modern HHS and CISA guidance strongly indicates that MFA is the necessary standard to meet this requirement in today's threat landscape.

References

1. hhs.gov - HIPAA for professionals, Security Rule guidance - https://www.hhs.gov/hipaa/for-professionals/security/guidance/index.html
2. 405d.hhs.gov - Cornerstone / HICP - https://405d.hhs.gov/cornerstone/hicp
3. compliancy-group.com - https://compliancy-group.com/
4. hhs.gov - HIPAA for professionals, risk analysis guidance - https://www.hhs.gov/hipaa/for-professionals/security/guidance/guidance-risk-analysis/index.html
5. cisa.gov - Known Exploited Vulnerabilities Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
6. cisa.gov - Cybersecurity best practices, multifactor authentication - https://www.cisa.gov/topics/cybersecurity-best-practices/multifactor-authentication
7. hhscyber.hhs.gov - Performance goals - https://hhscyber.hhs.gov/performance-goals.html
8. hhs.gov - HIPAA for professionals, ransomware fact sheet - https://www.hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/ransomware-fact-sheet/index.html