0

Cyber Alert

Chris Werner (Customer Success Manager) 11 months ago in Procentive News updated 11 months ago 3

We received an alert from the Office of Civil Rights (OCR) that we wanted to share with you:

October 29, 2020

Cyber Alert: Ransomware Activity Targeting the Healthcare and Public Health Sector

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

CISA, FBI, and HHS have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector that details both the threat and practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats. The advisory references the joint CISA MS-ISAC Ransomware Guide that provides a ransomware response checklist that can serve as a ransomware-specific addendum to organization cyber incident response plans.

In addition to these materials regarding the most recent ransomware threat to the Healthcare and Public Health Sector, the HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA provides further information for entities regulated by the HIPAA Rules.

CISA, FBI, and HHS are sharing this information in order to provide a warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats. CISA encourages users and administrators to review CISA’s Ransomware webpage for additional information.

+1

Hi Chris,

Can you please share how our data in Procentive is protected?  How is it stored and backed up?  Is it vulnerable to a ransomware attack?

Also, any chance Procentive can change to a requirement for more complex passwords, to include special characters?

Thanks!

Sheryl

I agree, Id really like to know how Procentive helps us protect our client data? How vulnerable are we to this type of attack?

Hi Alyson and Sheryl,

I've reached out to our legal/compliance team for the official language for you.  I will let you know when I get word from them.  For now, our data security is outlined in the MSA as well.

Thank you for your inquiry!