Healthcare Providers: Are You Due for a Security Risk Analysis?

Thoughtware Alert Published: Jul 29, 2021

Researchers at Comparitech reviewed ransomware attacks on U.S. healthcare organizations in 2020 and noted they cost the industry an estimated $21 billion. Another study released by the U.S. Department of Health & Human Services Office for Civil Rights in December 2020 noted 94 percent of covered entities and 88 percent of business associates failed to take sufficient steps to reduce risks and vulnerabilities to a reasonable and appropriate level.

As staggering as these statistics are, there are numerous ways for healthcare providers to combat these risks. One keystone of managing risk as a healthcare provider is a security risk analysis.

Why You Need a Security Risk Analysis

HIPAA Requires It

HIPAA requires a risk analysis but does not state how often to conduct one; however, a healthcare provider needs to have a clear and fresh picture of its risk landscape. A good practice is to perform one at least annually. With a recently documented risk analysis and supporting policies and procedures addressing identified risks, you reduce the likelihood of getting fines from a HIPAA audit.

Security Measures Will Be Strengthened

A common theme for both noncompliance audit violations and breaches is the lack of a risk analysis. Without it, a healthcare provider cannot properly identify the risks to the organization’s data. A risk analysis can help identify and mitigate risks that bad actors would have used to breach your systems and data. 

How to Get Started with a Security Risk Analysis

Here are some initial thoughts to consider:

  • How often do you perform a security risk analysis?
  • Who needs to be involved in the security risk analysis?
  • How well does your risk management plan address risks identified? 

If you don’t know where to start or are not ready to seek professional help, HealthIT.gov provides a Security Risk Assessment Tool that meets regulatory compliance.

If you are ready to seek professional help, BKD Cyber professionals can customize and perform a variety of different risk assessments for you. Please submit the Contact Us form below or visit bkdcyber.com for more information.
 
