Security experts listed several top strategies for covered entities (CEs) and business associates (BAs) to prioritize this year.[1]
Chuck Everette, director of cybersecurity advocacy at cybersecurity company Deep Instinct, offered 10 must-do items for health care entities to address in 2022:
- Plan for security threats in advance by having an incident response plan ready to go at a moment’s notice.
- Have a prevention-first mentality, and test annually.
- Enforce multifactor authentication on all systems, and don’t allow the same password to be used on multiple systems.
- Patch vulnerabilities and stay up to date on operating systems, software and firmware on all devices.
- Limit your “attack blast zone” by employing network segmentation and limiting administrator rights through a least-privilege strategy.
- Have a solid backup plan, such as an off-site, air-gapped solution with frequent and comprehensive backups, and don’t depend on local backups or rollback features, since these are often the first targets of an attack.
- Enable strong spam filters to prevent phishing emails from reaching end users.
- Require annual security awareness training for all employees.
- Limit false positives in order to reduce alert fatigue.
- Consider cyber insurance coverage.