The California Attorney General recently issued a guidance bulletin to healthcare providers reminding them of their compliance obligations under the state’s health data privacy laws and urging providers to take proactive steps to protect against cybersecurity threats. The guidance comes in response to growing alarm over a surge in cybercrime against hospitals and other health providers.
The guidance reminds providers to implement reasonable administrative, technical, and physical security measures to prevent and mitigate against ransomware and other cybersecurity attacks. It also outlines the minimum preventative measures that California health care providers, specifically, should implement in order to protect their data systems from cyberattacks:
- keep all operating systems and software housing health data current with the latest security patches
- install and maintain virus protection software
- provide regular data security training for staff members that includes education on not clicking on suspicious web links and guarding against phishing emails
- restrict users from downloading, installing, and running unapproved software
- maintain and regularly test a data backup and recovery plan for all critical information to limit the impact of data or system loss in the event of a data security incident.
The OR HVAC Puzzle: Why Individual Systems Are on the Rise
Sutter Health Announces Plans for New Santa Clara Medical Center
Sanford Health Receives $300M Gift for Black Hills Medical Center Campus
Wanted: Scientific Standard for Hospital Cleaning
NLCS Strengthens Safety and Compliance with Comprehensive Electrical Program