Security Review Hinf2518

Tyler Schumann

(HINF 4518 - Literature Review)

McGee, M. K. (2016, March 29). Ransomware: Time for a HIPAA Update? Retrieved April 24, 2016, from http://www.healthcareinfosecurity.com/ransomware-time-for-hipaa-update-a-9002

Summary: In an attempt to further protect patients’ personal health information (PHI), the latest threats in cybersecurity must be known and appropriate action must take place to combat such attacks. The most ideal situation involves implementing security controls to prevent any breach from occurring, but often some viruses and other threats do come through in a healthcare organization. One of the biggest menaces in attempting to gain access to patients’ medical records is Ransomware. In essence, a group of hackers installs malicious software onto a computer system, which encrypts files and demands a ransom to be paid to unlock the data. The data can include important health information needed for quality patient care and without access to the Electronic Health Record, the care plan is greatly affected and may cause more harm than good. Some new provisions to the Health Insurance Portability and Accountability Act (HIPAA) proposed by a spokesman for the Department of Health and Human Services’ Office for Civil Rights may make such attacks reportable under the act. These reports may initiate investigations and additional research to help healthcare entities prevent Ransomware from invading their file systems. There is also a Call to Action to immediately implement provisions of the Cybersecurity Information Sharing Act of 2015.

Critique: I find this article useful and relevant because the Ransomware virus is an ever-so-dynamic threat to health information. Computer viruses can come in many formats, names, and deliveries so it is important to take action in improving our cybersecurity efforts. As healthcare professionals, we need superior prevention and response protocols to ensure personal identifiable information such as names, Social...