Making annual predictions is always a little bit of guessing and a lot of luck by the end of the year. No way any of us could have predicted where we would go throughout the year we just call 2020. Only history will give us the distance to understand the last 12 months. Who knows where we will go next, but what the umm heck. We figured we would do it again.
In this episode:
10 2021 Predictions Plus 2020 Results – Ep 287
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
HIPAA Say What!?!
[07:30] Security incentives officially became law. Looking forward to a new name when it is implemented but the important thing is that everyone starts finding ways to properly incorporate recognized security practices. RSP? RecSec?
We are updating and adding more to ours already.
Another Right of Access Resolution Agreement
Elite HIPAA Resolution Agreement and Corrective Action Plan
Peter Wrobel, M.D., P.C., doing business as Elite Primary Care (“Elite”), has agreed to take corrective actions and pay $36,000 to settle a potential violation of the HIPAA Privacy Rule’s right of access standard. Elite provides primary care health services in Georgia.
In April 2019, OCR received a complaint alleging that Elite failed to respond to a patient’s request for access to his medical records. In May 2019, OCR provided technical assistance to Elite on the HIPAA right of access requirements and closed the complaint. In October 2019, OCR received a second complaint alleging that Elite still had not provided the patient with access to his medical records. OCR initiated an investigation and determined that Elite’s failure to provide the requested medical records was a potential violation of the HIPAA right of access standard. As a result of OCR’s investigation, the patient received a copy of his medical record in May 2020.
A new review to share
Great Content!
December 24, 2020 by roeroe112 from United States
Great podcast with a little humor thrown in because…well, if you’re like me…this is some tedious content and makes my anxiety levels rise! The humor and relaxed talk/discussions make it more manageable for me to follow along!!! If you are responsible for compliance, HIPAA and/or privacy, this is for you!
2020 Results
[19:40] First let’s take a look at the predictions we made for 2020. Considering how far outside our imagination 2020 went in many ways, we actually did pretty well with what we expected. The results just came in different ways sometimes.
- A lot of big settlements are going to make the news and OCR enforcement will tear it up between now and the election. OCR will not be the only one to watch because the states will get rolling on this as well.
  - Record number of resolutions announced including some big ticket ones.
- New authentication methods will be tested but no one solution will become the go to solution just yet.
  - That has been happening due to the complete change in the way we work.
- IoT / OT / IoMT will be the source of a healthcare data breach in 2020.
  - Avast IoT Attacks Intensified By Covid-19 | Avast
  - CFO MacBook to speaker to get microphone
- Ransomware gets much, much worse is the most solid one of our 2020 predictions.
  - This one really wasn’t a stretch to begin with but the Oct alert shows just how much worse it has gotten.
- Supply Chain / Third parties will be the source of the breach or they will be getting in line.
  - OK folks, we hit this one out of the park unfortunately. SolarWinds is huge and it is used by many IT providers or large internal IT departments.
2021 Predictions
[35:08] Our last couple of episodes have already been covering some big things we see coming in 2021.
- Security incentives for frameworks like NIST and 405d will drive a new approach to cybersecurity programs. We have to create new ways besides enforcement to get companies to pay more attention to the cybersecurity requirements of their technology. The sooner we get more people paying attention to the concepts the safer we will be.
- SolarWinds details will trickle out and become the driving force for changes in supply chain requirements, especially those involved in IT infrastructure. This story isn’t just about the government attacks. This is going to be widespread and it is really scary to see where the story goes based on what we know right now.
- Cyber attacks will continue to become more complex. The better we get at protecting things, the more work it takes for attackers to get into the network and the more creative they get with their methods of attack. That also plays into how different organizations had to implement new business operations in 2020 and adapt going forward.
- Telehealth and remote work are a permanent part of work and care infrastructure. For years, the industry has been discussing implementation of Telehealth tools. It happened within weeks not years. We have all adapted to using these tools now. That means it is time to go back and do the planning and risk management that should be in place.
- [46:40] Companies will start to look at cybersecurity as necessary, not a luxury. For years, businesses have not had budget line items to cover security. The lack of higher visibility makes it fall to the side in discussions and planning.
- Virtual meeting platforms will focus more on being a WFH solution, not just remote meetings. It is part of all around life now.
- We will start seeing cyber fallout from 2020’s sudden shift to a work-from-home workforce, including the IoT impacts. Homes have way more IoT than most any business. All of those devices connected to business operations only create a wider attack surface. Couple that attack surface with the speed at which we implemented it and, as we have repeatedly said, this is a great deal of concern.
- Rise in targeting home networks as an entryway into companies. The connection of the home networks into so much company data has created an opening that we don’t even know yet what could be impacted.
- VPN and RDP attacks will rise due to remote work and all the vulnerabilities that keep showing up.
- More cybersecurity regulations will be coming and changing because of all the other things we just mentioned.
Whatever may come, we have given it our best stab for 2021. Considering what happened, we lucked out with only 5 predictions for 2020. Let’s see where things are a year from now.
HIPAA is not about compliance,
it’s about patient care.™



