Live webinar HHS Guidance on Ransomware in Healthcare

01:00 PM EDT | 10:00 AM PDT | 12:00 PM CDT Duration 90 Minutes

Webinar Includes : All the training handouts , Certficate ,Q/A and 90 mins Live Webinar.


Join This course On March 15, 2017 at 01:00 PM EST at 01:00 PM EST | 12:00 PM CST | 10:00 AM PST

healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

Following good practices according to HIPAA helps both prevent and recover from ransomware incidents. Organizations that do follow good practices are able to shrug off ransomware attaches and know exactly what has happened and whether or not reporting a breach to HHS is warranted.

Prevention of a ransomware incident is the essential first step, that takes place largely through training of staff to not open any documents or click on any links unless they are absolutely sure of the source and content. The way ransomware works, an individual is usually tricked into visiting an infected Web site or opening a Word document with a malicious attachment, and the only way to avoid the initial contact is to train, retrain, and train again workers to be vigilant and pick up the phone and make a call if they are not convinced of the source and content of the link or attachment.

If the contact is made and the attack is launched, having a securely segmented network with tight firewalls between the segments can prevent cross infection and attack of resources, and limit the damage caused by the attack. Using network-monitoring tools can help spot trouble based on anomalous network behavior that the attack causes, and give you the chance to lock down the infection so it can be eradicated and the damage can be evaluated.

Once evaluated, you may or may not have a breach to report. If your data is still available and access has been virtually uninterrupted, you satisfy that requirement, but unless your analysis can show that there has been no exfiltration of data and no infection remains, you may have to report the incident as a breach under HIPAA.

Handling a malware incident like ransomware can severely test your preparedness, cost large sums of money, and result in reportable breaches that will be investigated by the HHS Office of Civil Rights. Being ready to face the threat and respond appropriately to ransomware can mean the difference between an annoyance and a disaster. This session will help entities understand how to be ready to face the threat and avoid disaster.

Why should you attend :

Healthcare entities are especially being targeted by Ransomware and HHS OCR has issued new guidance on how to avoid the effects of Ransomware, and what it means to compliance if your data does become held hostage.

A recent U.S. Government interagency report indicates that, on average, there have been 4,000 daily ransomware attacks since early 2016 (a 300% increase over the 1,000 daily ransomware attacks reported in 2015).

Ransomware exploits human and technical weaknesses to gain access to an organization’s technical infrastructure in order to deny the organization access to its own data by encrypting that data. Being unprepared for ransomware means having to face demands for payment from criminals, loss of control of your information, and requirements to report such incidents as breaches.

Even if you pay off the ransom, you may not get control of your data back, and you may never know if the data remains compromised or not. Victims of ransomware face the expense of recovery, the hassle of compliance issues like breach reports, and the loss of good will with patients who may never trust your organization agai

Areas Covered

-- What is Ransomware?
-- Preventing Ransomware attacks
-- The value of User Training
-- Making your Networks more resistant to attacks
-- Understanding the Impact of a Ransomware attack
-- Responding to the attack
-- Recovering from a Ransomware attack
-- Evaluating Ransomware attacks as reportable Breaches

Who will Benefit

-- Compliance director
-- CEO
-- CFO
-- Privacy Officer
-- Security Officer
-- Information Systems Manager
-- HIPAA Officer
-- Chief Information Officer
-- Health Information Manager
-- Healthcare Counsel/lawyer
-- Office Manager
-- Contracts Manager

Industries who can attend

This 90-minute online course is intended for professionals in the Healthcare Industry.

Speaker Profile

Jim Sheldon-Dean

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. 

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C. 

Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development. His experience includes leading the development of health care related Web sites; award-winning, best-selling commercial utility software; and mission-critical, fault-tolerant communications satellite control systems. In addition, he has eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.

Back to Top