HHS Provides New Resources to Prevent Cyberattacks in Healthcare

Under the US Health Insurance Portability and Accountability Act’s (HIPAA’s) Security Rule, covered entities, including most dental offices, are required to adopt adequate means for safeguarding the confidentiality, integrity, and availability of PHI. This includes conducting a security risk analysis regularly to assess security vulnerabilities and the mechanisms currently in place to mitigate them, and then to determine what additional controls, if any, should be implemented. On April 17, 2023, a cybersecurity task force in the US Department of Health and Human Services (HHS) announced the release of the following resources to help address cybersecurity concerns in the healthcare sector.

• Knowledge on Demand – A new online educational platform that offers free cybersecurity trainings for health and public health organizations to improve cybersecurity awareness.
• Health Industry Cybersecurity Practices, 2023 Edition – A foundational publication to raise awareness of cybersecurity risks, provide best practices, and help healthcare facilities of all sizes set standards in mitigating the most pertinent cybersecurity threats to the sector.

Examples of cyberattacks include malicious programs such as malware, phishing, spyware, viruses, and ransomware; stolen hardware; unauthorized internet access; and fake websites. Some general tips to help prevent cyberattacks include:

• Make sure you know with whom you are communicating.
• Report suspicious texts and emails.
• Don’t download any unknown software or click on unknown links.
• Layer your protection with, at a minimum, strong passwords and multifactor authentication.
• Watch out for phishing attempts.
• Monitor your online accounts regularly.
• Train staff on cybersecurity and how to mitigate cyberthreats. – Under HIPAA, this training is required for staff with access to PHI.

As cyberattacks become more sophisticated, it is even more important for dental offices to ensure that staff are properly informed and trained on how to protect PHI, and how to detect and properly respond to cyberthreats.

For our OSHA Review Subscribers… A checklist to help dental offices conduct a HIPAA security risk analysis is available from OSHA Review’s website, in the clients-only section under OSHA Review/Professional Documents.

Since 1992, OSHA Review, Inc. has provided dental professionals with comprehensive programs to support regulatory compliance and infection control. We are a registered continuing education provider in the state of California, specializing in Dental Practice Act, infection control, and OSHA training.