The California Attorney General recently issued a guidance bulletin to healthcare providers reminding them of their compliance obligations under the state’s health data privacy laws and urging providers to take proactive steps to protect against cybersecurity threats. The guidance comes in response to growing alarm over a surge in cybercrime against hospitals and other health providers.
The guidance reminds providers to implement reasonable administrative, technical, and physical security measures to prevent and mitigate against ransomware and other cybersecurity attacks. It also outlines the minimum preventative measures that California health care providers, specifically, should implement in order to protect their data systems from cyberattacks:
- keep all operating systems and software housing health data current with the latest security patches
- install and maintain virus protection software
- provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails
- restrict users from downloading, installing, and running unapproved software
- maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.
The Debate on Laundering Microfibers in Healthcare
Construction Begins for New Cancer Center at OhioHealth's Administrative Campus
Sutter Health and Alina Health to Form 39-Hospital System
IAQ and Infection Mitigation in Aging Facilities
Preventing Pests: Effective Measures in Healthcare Facilities