The California Attorney General recently issued a guidance bulletin to healthcare providers reminding them of their compliance obligations under the state’s health data privacy laws and urging providers to take proactive steps to protect against cybersecurity threats. The guidance comes in response to growing alarm over a surge in cybercrime against hospitals and other health providers.
The guidance reminds providers to implement reasonable administrative, technical, and physical security measures to prevent and mitigate against ransomware and other cybersecurity attacks. It also outlines the minimum preventative measures that California health care providers, specifically, should implement in order to protect their data systems from cyberattacks:
- keep all operating systems and software housing health data current with the latest security patches
- install and maintain virus protection software
- provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails
- restrict users from downloading, installing, and running unapproved software
- maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.
Mature Dry Surface Biofilm Presents a Problem for Candida Auris
Sutter Health's Arden Care Center Officially Opens
Insight Hospital and Medical Center Falls to Data Breach
The High Cost of Healthcare Violence
EVS Teams Can Improve Patient Experience in Emergency Departments