The HIPAA Journal is the leading provider of news, updates, and independent advice for HIPAA compliance

OCR Video Explains How to Improve Cybersecurity Defenses Through HIPAA Security Rule Compliance

Posted By on Oct 31, 2023

The HHS’ Office for Civil Rights has released a video in recognition of National Cybersecurity Awareness Month that explains how compliance with the HIPAA Security Rule can help HIPAA-regulated entities defend against cyberattacks. The video features Nick Heesters, Senior Advisor for Cybersecurity for the Health Information Privacy, Data, and Cybersecurity Division of the HHS’ Office for Civil Rights, who discusses some of the real-world cyberattack trends identified by OCR from breach reports.

There has been a massive increase in healthcare data breaches since the HIPAA Breach Notification Rule was enacted. In 2010, the first full year of breach report data, OCR received 199 reports of healthcare data breaches of 500 or more records. More than 700 data breaches were reported in both 2021 and 2022, and 2023 looks set to become the third successive year with more than 700 reported data breaches.

In the year to September 30, 2023, hacking and other IT incidents accounted for 77% of all large data breaches, compared to just 49% of incidents in 2009, and as of September 30, 2023, more than 79 million healthcare records have been exposed or impermissibly disclosed. There has been a 239% increase in hacking-related data breaches since 2018 and a 278% increase in ransomware incidents over the same period.

OCR investigates all breaches of 500 or more healthcare records to identify any HIPAA compliance issues that caused or contributed to breaches. Heesters explains some of the most common HIPAA compliance issues and security weaknesses that have been exploited by malicious actors to gain access to internal networks, focusing on the most common attack vectors such as phishing, compromised accounts, and unpatched vulnerabilities.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Heesters explains how specific provisions of the HIPAA Security Rule can help HIPAA-regulated entities protect against cyberattacks, detect attacks in progress, and mitigate the most common types of cyberattack, such as security awareness and training, authentication, access control, and risk analysis/risk management.

The video can be viewed on OCR’s YouTube Channel and is available in English and Spanish.

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist