With its trove of sensitive patient and personal data and increasingly digitized records, the health care industry is always vulnerable to cyberattacks and data breaches. But in light of Russia’s invasion of Ukraine and sanctions imposed by the United States, health care institutions and providers need to refocus on the heightened threat of cyber intrusions and disruptive activity. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued guidance for enhanced protection that health care organizations should review closely. In the health care industry, compromised data (including on medical devices that monitor vital stats) can escalate into a life-or-death matter, and any unauthorized access can be the basis of a HIPAA breach, among other compliance issues. Now more than ever, it’s key for health care providers and personnel to:

  • Enable full logging for all systems that contain PHI, financial records and other data susceptible to malware
  • Validate multifactor authentication for patient records and remote access
  • Maintain separate and protected backup records
  • Strengthen anti-virus and anti-malware software across your organization, including wireless networks that govern medical equipment and devices
  • Arrange for patients to receive updated firmware on their medical devices

Our Legal Alert on the “Shields Up” initiative has background and resources relevant to your organization. Please contact our attorneys for questions related to health care compliance and cybersecurity in this time of instability. And stay tuned to our blog updates, including the latest guidance and recommendations.