New HHS OCR Guidance on Ransomware


MentorHealth

We Train Healthcare Professionals

Live Webinar on New HHS OCR Guidance on Ransomware: Time for a HIPAA Update?

Date: Friday, October 21, 2016
Duration: 90 Minutes
Time: 10:00 AM PDT | 01:00 PM EDT
Location: Online


Instructor: Jim Sheldon Dean

Overview: Healthcare entities have recently become the prime targets for hackers using ransomware techniques to encrypt an organization's files and hold them for ransom. In order to avoid being victimized by ransomware, organizations need to use an information security management process to identify and mitigate the specific risks of ransomware. That process includes preventing infections through good systems and network management and training of all staff who use computers, and recovering from infections through the use of good backup and data management processes.

There are measures known to be effective to prevent the introduction of ransomware and to recover from a ransomware attack. This session describes ransomware attack prevention and recovery from a healthcare sector perspective, including the role the Health Insurance Portability and Accountability Act (HIPAA) has in assisting HIPAA covered entities and business associates to prevent and recover from ransomware attacks, and how HIPAA breach notification processes should be managed in response to a ransomware attack.

Following good practices according to HIPAA helps both prevent and recover from ransomware incidents. Organizations that do follow good practices are able to shrug off ransomware attacks and know exactly what has happened and whether or not reporting a breach to HHS is warranted.

Prevention of a ransomware incident is the essential first step, and it takes place largely through training of staff to not open any documents or click on any links unless they are absolutely sure of the source and content. The way ransomware works, an individual is usually tricked into visiting an infected Web site or opening a Word document with a malicious attachment, and the only way to avoid the initial contact is to train, retrain, and train again workers to be vigilant and pick up the phone and make a call if they are not convinced of the source and content of the link or attachment.

If the contact is made and the attack is launched, having a securely segmented network with tight firewalls between the segments can prevent cross infection and attack of resources, and limit the damage caused by the attack. Using network-monitoring tools can help spot trouble based on anomalous network behavior that the attack causes, and give you the chance to lock down the infection so it can be eradicated and the damage can be evaluated.

Once evaluated, you may or may not have a breach to report. If your data is still available and access has been virtually uninterrupted, you satisfy that requirement, but unless your analysis can show that there has been no exfiltration of data and no infection remains, you may have to report the incident as a breach under HIPAA.

Handling a malware incident like ransomware can severely test your preparedness, cost large sums of money, and result in reportable breaches that will be investigated by the HHS Office of Civil Rights. Being ready to face the threat and respond appropriately to ransomware can mean the difference between an annoyance and a disaster. This session will help entities understand how to be ready to face the threat and avoid disaster.

Areas covered in the session:

- What is Ransomware?
- Preventing Ransomware attacks
- The value of User Training
- Making your Networks more resistant to attacks
- Understanding the Impact of a Ransomware attack
- Responding to the attack
- Recovering from a Ransomware attack
- Evaluating Ransomware attacks as reportable Breaches

Who Will Benefit:

- Compliance director
- CEO
- CFO
- Privacy Officer
- Security Officer
- Information Systems Manager
- HIPAA Officer
- Chief Information Officer
- Health Information Manager
- Healthcare Counsel/lawyer
- Office Manager

About Speaker

Jim Sheldon Dean
Director of Compliance Services, Lewis Creek Systems, LLC

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.



It would be really nice if you can circulate this mail to all your deserving colleagues who can immensely benefit from this program. For more information, please contact the event coordinator. We look forward to seeing you at the webinar.

Best regards,
Event-coordinator
MentorHealth

About MentorHealth

MentorHealth is a comprehensive training source for healthcare professionals. Our trainings are high on value, but not on cost. MentorHealth is the right training solution for healthcare professionals. With MentorHealth, healthcare professionals can make use of the best benefits relating to their professional training.

MentorHealth
www.mentorhealth.com
161 Mission Falls Lane, Suite 216, Fremont, CA 94539, USA.
Phone: 800-385-1607 or Fax your PO to: 302-288-6884

