
In today’s interconnected digital world, keeping up with cybersecurity alerts is like having a trusty, cyber-savvy sidekick by your side. As our reliance on technology continues to grow, staying ahead of the game is essential. Cybersecurity alerts are like the Bat-Signal of the digital realm, lighting up to warn you of impending threats. Proactive vigilance in the face of these alerts is not merely a best practice; it’s an imperative in safeguarding sensitive data, privacy, and the integrity of our increasingly digital lives.
In this episode:
Alerts Coming From Everywhere – Ep 429
Today’s Episode is brought to you by:
Kardon
and
HIPAA for MSPs with Security First IT
HIPAA Briefs
[03:33] Does HIPAA require ISAC participation?
An Information Sharing and Analysis Center (ISAC) is an industry-specific organization that gathers and shares information on cyber threats to critical infrastructure. ISACs also facilitate the sharing of data between public and private sector groups.
An ISAO also collects and shares threat information, but without the extra membership features.
HIPAA Say What!?!
[09:12] Does HIPAA allow healthcare providers to look at their own healthcare records within the EHR?
HIPAA does grant patients, including healthcare providers who are patients, the right to access and review their own medical records. However, accessing one’s own medical record through the EHR system of the institution where they work can be tricky.
From a strict HIPAA standpoint:
- Every individual has the right to access their own healthcare information, including healthcare providers.
However, from an institutional policy and EHR security standpoint:
- Many healthcare institutions have policies in place that prevent or discourage employees, even if they are also patients, from directly accessing their own records in the EHR system. This is to prevent potential abuse, misuse, or privacy violations.
- In many institutions, employees accessing their own records (or the records of family members) without a legitimate medical or job-related reason is considered a breach of the institution’s privacy policy, even if it might not be a direct violation of HIPAA.
- Institutions have auditing mechanisms in place to monitor who accesses what records in the EHR. If someone accesses a record without a legitimate reason, it could trigger an internal investigation.
In summary, while HIPAA allows individuals the right to see their own records, healthcare professionals should always follow the appropriate channels (usually a formal request through the institution’s health records department) to view their own records rather than accessing them directly through the EHR system to avoid potential policy violations and professional repercussions.
405(d) Tip of the Week
[14:50] Free vids! To help you with your Cybersecurity Awareness Month program, the folks at 405(d) have put together some cool videos to cover each of the four key behaviors for this year.
Alerts Coming From Everywhere
[20:34] There is A LOT going on in the world these days that can cause cyber crimes to be about more than money, the normal motive. Today, some bad actors just want to wreak havoc in any way possible. Shutting down businesses is just another way for them to do it. It is definitely overwhelming. Not paying attention to the alerts coming out may make you feel better, but we promise you will definitely not feel better if one of them lands in your network.
Exploitable Vulnerabilities That Expose Healthcare Facilities Surged Nearly 60% Since 2022, New Research Report Finds – from Health-ISAC
North Korean and Chinese Cyber Crime Threats to the HPH – This one from HHS came out before the attack on Israel.
Securing Remote Access and Management Software – HC3 Alert from HHS
Critical Vulnerability in Cisco Emergency Responder Platform – HC3 Alert from HHS
Subscribe to the monthly HC3 bulletins
HC3: Monthly Cybersecurity Vulnerability Bulletin October 05, 2023 TLP:CLEAR Report: 202310051200 – October HC3 Bulletin
ISACs and ISOs:
There are a number of Information Sharing and Analysis Centers (ISACs) you can join for a variety of industries.
Health-ISAC – Health Information Sharing and Analysis Center for the global health sector. It is a trusted community and forum for coordinating, collaborating and sharing vital physical and cyber threat intelligence and best practices with each other.
CommHIT Information Sharing & Analysis Centers (ISACs) – ISACs to help organizations reduce their risk of a cybersecurity-related breach
IT-ISAC – “The IT-ISAC mission is to grow a diverse community of companies that leverage information technology and have in common a commitment to cyber-security; to serve as a force multiplier that enables collaboration and sharing of relevant, actionable cyber threat information and effective security policies and practices for the benefit of all.”
Multi-State Information Sharing and Analysis Center (MS-ISAC) – “The mission of the MS-ISAC is to improve the overall cybersecurity posture of U.S. State, Local, Tribal, and Territorial (SLTT) government organizations through coordination, collaboration, cooperation, and increased communication.”
Cyber Threat Alliance – “The Cyber Threat Alliance (CTA) is a 501(c)(6) non-profit organization that is working to improve the cybersecurity of our global digital ecosystem by enabling near real-time, high-quality cyber threat information sharing among companies and organizations in the cybersecurity field.”
Participating in an ISAC is crucial for any business, regardless of technical expertise. You don’t need to be a cybersecurity expert to grasp its importance. You just need to know when you should share threat information and ask questions of your technical teams. By being part of an ISAC, businesses of all backgrounds can enhance their cybersecurity defenses, creating a safer digital environment. In a world where cyber threats affect us all, joining an ISAC is a smart move for protecting your business, no matter your technical knowledge.
HIPAA is not about compliance,
it’s about patient care.™


