OCR pushes for employee education to improve cybersecurity

Having a strong first line of defense is key in any battle—and the same goes for the fight for cybersecurity. A recent newsletter released by the HHS Office for Civil Rights (OCR) urges healthcare organizations to arm their employees with knowledge in order to prevent cyberattacks.

Global cyberattacks like Petya and WannaCry are becoming more and more common, yet many healthcare organizations continue to lack the proper protocols for protecting their systems and devices. In the newsletter released by OCR, the office urges healthcare executives to train staff on data security and how to identify ransomware as required by the HIPAA Security Rule.

“The Security Rule specifically requires covered entities and business associates to ‘implement a security awareness and training program for all members of its workforce (including management)’,” stated OCR. “Note the emphasis on all members of the workforce, because all workforce members can either be guardians of the entity’s PHI or can, knowingly or unknowingly, be the cause of HIPAA violations or data breaches.”

Following the Security Rule, healthcare organizations should implement security updates and provide routine training to employees. Organizations should also consider how often their workforce is trained on security issues, use security updates, and identify what type of training employees need to recognize threats.