The California Attorney General recently issued a guidance bulletin to healthcare providers reminding them of their compliance obligations under the state’s health data privacy laws and urging providers to take proactive steps to protect against cybersecurity threats. The guidance comes in response to growing alarm over a surge in cybercrime against hospitals and other health providers.
The guidance reminds providers to implement reasonable administrative, technical, and physical security measures to prevent and mitigate against ransomware and other cybersecurity attacks. It also outlines the minimum preventative measures that California health care providers, specifically, should implement in order to protect their data systems from cyberattacks:
- keep all operating systems and software housing health data current with the latest security patches
- install and maintain virus protection software
- provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails
- restrict users from downloading, installing, and running unapproved software
- maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.
Probiotic Cleaning: A Complementary Strategy for Safer Hospital Floors
VITAS Healthcare Breaks Ground on New Inpatient Hospice Center in Florida
Mile Bluff Medical Center Disrupted by Data Security Event
The Proper Way to Use Cleaning Carts
JPS Health Network Breaks Ground on New Hospital