Cyberattacks are a growing threat to healthcare organizations. Ransomware is one form of cyberattack that can cripple a healthcare provider’s services. With ransomware, the attacker encrypts the victim’s system or data, holding it hostage until payment is received. Paying the ransom to restore your system and recover your data is not a good emergency response plan. What if the attacker demands more ransom? Think about assessing your preparedness for a cyberattack: has your healthcare organization developed emergency response strategies, assigned a proper response team, conducted exercises, or planned for other healthcare providers to maintain continuity of care for your patients?
Federal regulations at 42 CFR § 485.727 require Medicaid providers to take an all-hazards approach to emergency preparedness planning, including cyberattacks. In August, MMAC posted information regarding the final rule Emergency Preparedness Requirements for Medicare and Medicaid Participating Providers and Suppliers. For your convenience, here are links directly related to the cybersecurity information:
- Homeland Security Threats emergency preparedness general guidance, with downloads, at https://www.cms.gov/Medicare/Provider-Enrollment-and-Certification/SurveyCertEmergPrep/Homeland-Security-Threats.html
- How to Protect Your Networks from Ransomware: A letter from HHS Secretary Burwell at https://asprtracie.s3.amazonaws.com/documents/burwell-colleague-letter-ransomware-tipsheet.pdf
Taking steps to assess, plan for, and respond to a cyberattack will go a long way in warding off this man-made emergency.