Healthcare Providers: Are You Due for a Security Risk Analysis?
Researchers at Comparitech reviewed ransomware attacks on U.S. healthcare organizations in 2020 and noted they cost the industry an estimated $21 billion. Another study released by the U.S. Department of Health & Human Services Office for Civil Rights in December 2020 noted 94 percent of covered entities and 88 percent of business associates failed to take sufficient steps to reduce risks and vulnerabilities to a reasonable and appropriate level.
As staggering as these statistics are, healthcare providers have numerous ways to combat this. One keystone of managing risk as a healthcare provider is a security risk analysis.
Why You Need a Security Risk Analysis
HIPAA Requires It
HIPAA requires a risk analysis but does not state how often to conduct one; however, a healthcare provider needs a clear and current picture of its risk landscape, so a good practice is to perform one at least annually. With a recently documented risk analysis, and supporting policies and procedures that address the identified risks, you reduce the likelihood of fines resulting from a HIPAA audit.
Security Measures Will Be Strengthened
A common theme in both noncompliance audit findings and breaches is the lack of a risk analysis. Without one, a healthcare provider cannot properly identify the risks to the organization’s data. A risk analysis helps identify and mitigate the weaknesses that bad actors could use to breach your systems and data.
How to Get Started with a Security Risk Analysis
Here are some initial thoughts to consider:
- How often do you perform a security risk analysis?
- Who needs to be involved in the security risk analysis?
- How well does your risk management plan address the risks identified?
If you are ready to seek professional help, BKD Cyber professionals can customize and perform a variety of different risk assessments for you. Please submit the Contact Us form below or visit bkdcyber.com for more information.