By Jack Anderson
June 22, 2016
Ransomware is the hot new issue for HIPAA. The debate is about whether a ransomware attack is a breach or not. The experts say that the only way you can tell for sure is through sophisticated tools which are not available or affordable for most small to medium size businesses. So the safest path is to assume that a ransomware attack is a breach. This raises the need for prevention.
Most successful ransomware attacks are some form of social engineering. Basically the hacker expolits human psychology to get them to click on an email, ad, You tube video, or other infected site. Once the are in they can take control of your computer, lock up your data and demand their ransom. If you have PHI on your computer you are also now faced with a possible or perhaps probable breach.
Prevention is the most cost effective and powerful tool. This includes firewall software, malware software, and most importantly well trained staff. Security awareness training is the cheapest and most effective prevention tool. Knowing what social engineering is about and being able to identify and avoid the traps will pay handsome dividends.
For as little as $20 per staff member per year you can get documented staff training. The staff member gets a certificate and you get the peace of mind of knowing that when that link to a cute cat video pops up it will get deleted.
Let me know if you would like more information at Jack@compliancehelper.com