Cybersecurity Practices for Health Care Organizations — Cybersecurity Act Task Force Recommendations
01:00 PM ET | 10:00 AM PT | 12:00 PM CT Duration 90 Minutes
Webinar Includes : All the training handouts , certificate ,Q/A and 90 mins Live Webinar
"Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC"
Learn how Cybersecurity is different from other kinds of security
Healthcare information has been protected according to regulations under the Health Insurance Portability and Accountability Act (HIPAA) since 2003 but new attacks by malicious external actors (hackers) pose new threats to the confidentiality, integrity, and availability of Protected Health Information (PHI). The National Institute of Standards and Technology (NIST) has released Cybersecurity guidance to assist with preparations to avoid and respond to threats, and the Cybersecurity Act of 2015 has resulted in guidance in Health Industry Cybersecurity Practices, with implementation guidance for both small and large organizations, identifying five current threats and ten practices to deal with them.
If you are not prepared to deal with Cybersecurity issues your organization can be brought to its knees. More than one healthcare entity has had to scrap its entire IT infrastructure to recover from an attack, at a cost of millions of dollars, and entities that are not sufficiently prepared to deal with Cybersecurity issues may receive penalties from the US Department of Health and Human Services if a breach occurs.
Now is the time to be sure your Cybersecurity stance is strong and resilient and follows recommendations by HHS, NIST, and the Cybersecurity Act of 2015, Section 405(d) Task Group.
In this session, we will examine how following the requirements of the HIPAA Security Rule and specifically taking into consideration cyber-threats can help a healthcare entity prepare itself to defend against cyber-attacks and the significant impacts to privacy, security, and patient care and safety that can result. We will learn about the latest guidance and tools for assisting in preparation and response to cyber-attacks, and what to do if the attack is successful and creates an incident that must be managed and recovered from.
Dealing with Cybersecurity begins with prevention of issues through good practices, good training, and good people who know how to do the right thing. It is important to take reasonable precautions that follow good network practices for preventing and isolating malicious activity, including anti-malware, complex firewalling and network segmentation, and monitoring. Staff and all users must be trained to not be the attack vector when a malicious actor sends a message that includes a link or attachment that can launch a devastating attack on your services and practices.
Overall, following the practices established in the HIPAA Security Rule and recommended by the Cybersecurity Act of 2015, Section 405(d) Task Group can help prevent Cybersecurity incidents through appropriate consideration of current issues, including Cybersecurity, in Risk Analysis and Risk Mitigation planning.
When an incident does occur, it is important to have a prepared plan for how to evaluate and respond to incidents so that any damage is minimized and the appropriate notification of breaches takes place. And, finally, any incident is an opportunity to learn how to do better the next time through better avoidance and better response to Cybersecurity incidents
• At the conclusion of the session, participants will be able to:
• Understand how the HIPAA Security Rule addresses Cybersecurity, and how to use the rule to prevent cyber- attacks.
• Learn about the Cybersecurity Act of 2015, Section 405(d) Task Group reports, including in-depth explorations of the top five current threats and ten practices to deal with them, in large and small organizations.
• Learn how Cybersecurity is different from other kinds of security issues and why it deserves special attention.
• Learn about the NIST Cybersecurity Framework and how to use it to prepare for and respond to Cybersecurity events.
• Understand the importance of regular, repeated training to help prevent the initiation of an attack on your systems.
• Learn how to respond to and follow up on an attack that may result in a breach of information.
Who will Benefit
Attendees should include Compliance Officers, Privacy and Security Officers, and leadership and staff in health information management, information security, and patient relations, as well as staff in patient intake and front-line patient relations and any others that are involved in, interested in, or responsible for, patient communications, information management, and privacy and security of Protected Health Information under HIPAA, including:
• Compliance director
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager
Industries who can attend
This 90-minute online course is intended for professionals in the Healthcare Industry.