Check Request Status610-994-7500

Privacy and security series, part 3: Prevent ransomware from holding your organization hostage

Data Breach

For the second year in a row, cyberattacks were the leading cause of data breaches in healthcare, according the Ponemon Institute’s recently released “Sixth Annual Benchmark Study on Privacy & Security of Healthcare Data.”

Ransomware, malware and denial-of-service (DOS) attacks are the most common and growing cyber threats facing healthcare organizations, according to the study. Protecting your organization from an attack, however, is highly feasible if you pursue a rigorous and consistent program of employee training, testing and IT system updates.

Increase in cyberattacks led by ransomware and DOS

Most ransomware attacks—the hijacking and encrypting of an organization’s data by cybercriminals—are caused by employees clicking a malicious link in an email or opening a file that spreads a malware virus, effectively rendering data inaccessible.

The virus typically includes a ransom message demanding payment, frequently in bitcoins, to unencrypt the computer or server. Cybercriminals are aided by a “dark web” presence, where they can partner with other criminals to execute attacks.

Since data drives safe and effective healthcare decisions, organizations often pay the attackers’ ransom when operations are crippled. Ransomware, however, may also be considered a breach, although not all organizations have been reporting these types of attacks to the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR).

Educate staff and implement safeguards

OCR is currently working on guidance for reacting to and reporting ransomware, but there are three essential steps healthcare organizations should take today to help avoid becoming a victim:

  • Education: Employees should be trained about the threat of ransomware—not to click on suspicious links or attempt to access unknown flash drives, and to report suspicious emails.
  • Testing: Once a year phishing exercises to test employees’ training are not enough to prevent the next attack. These tests need to be continually repeated at random to drive employee compliance with security policies and procedures.
  • Updates: Organizations need to follow recommended IT-management practices, including implementing software patches, anti-virus updates and other software tools immediately as they become available.

At MRO, we seek to mitigate breach risk from all angles, from our Quality Assurance-infused Protected Health Information (PHI) disclosure management workflow to ensuring our staff is properly trained to avoid cyberattacks. Training quality is ensured through MRO Academy, our rigorous and required online educational and testing platform, with the most up-to-date HIPAA regulations and Release of Information (ROI) requirements at the federal, state and facility level. To learn more about MRO’s training and education programs, click here.

Sign Up for Future Blog Posts

Read More

Avoid HIPAA Violations: Your Finances, Good Name are at Risk

Group Practice Journal
Avoid HIPAA Violations: Your Finances, Good Name are at Risk
Sara Goldstein, Esq., General Counsel for MRO, provides five best practices for reviewing compliance programs to prevent HIPAA violations, including: avoiding patient access barriers, implementing HIPAA security rule safeguards, reducing breach risk, training and auditing staff, and assessing Business Associates.

Read More

Investing in tomorrow’s workforce leaders

As leaders in our industry and community, it is important that we invest in our future leaders. At MRO, one of our core values is “nurture,” because we are dedicated to providing the necessary tools, training and education to build the best and brightest staff and to foster career advancement.

MRO recently had the opportunity to share this piece of our culture with a group of nine talented college teams from Pennsylvania-based colleges through sponsoring a business case challenge hosted at Penn State’s Abington campus, just north of Philadelphia. The challenge was to analyze a case study and develop recommendations to grow an anonymous company. The company was actually MRO hidden behind the pseudonym “HIPCO.”

As both CEO for MRO and a Penn State graduate, I especially enjoyed being able to participate first-hand in the challenge. As described in the article published on the university’s website, I tried my best to be an “undercover boss” and anonymously observe the students’ presentations. However, by the time the second group shared their material, I knew that I would need to reveal myself after the presentations concluded in order to provide important feedback.

As I watched the teams make presentations about MRO, I was struck by the level of commitment to their research and their ability to present the findings in a clear and concise fashion. In fact, I was impressed enough to invite the winning team from Temple University to meet with the MRO senior management team to discuss their career goals and objectives.

I also shared some career advice with them, and I’ll share it here for any students or recent grads reading my post today: “Don’t get caught up in what your job title and money are now. Work for a company that affords you the opportunity to live and grow.”

As I reflect on the event, I feel good about our future leaders and will continue to support their development. This investment in the future is aligned with MRO’s commitment to training and education, one of MRO’s critical pillars of success.

In addition to being an Inc. 5000 fastest-growing company, MRO is also independent research company KLAS’ #1 rated provider of Release of Information solutions for healthcare providers. Our employees are the cornerstone of our success, and we take pride in the dedication and contribution each employee makes to ensure client satisfaction. Read what some of our team members have to say about working at MRO.

Sign Up for Future Blog Posts

Read More