The Office of Inspector General to Audit the Effectiveness of the Health and Human Services Office for Civil Rights

In May 2021, the Office of Inspector General (OIG) announced its plans to audit the Health and Human Services (HHS) effectiveness in ensuring hospitals have implemented measures to prevent, detect, and recover from cyberattacks.

On June 2, 2021, the White House issued an open letter to corporate executives and business leaders, urging them to protect against the threat of ransomware. We have already seen how ransomware attacks can interrupt our daily lives.The letter mentions these five (5) best practices:

1. Back up your data, regularly test the backups, and keep them offline
2. Update and patch systems promptly
3. Test your incident response plan
4. Check your security team's work using a third party to perform penetration tests and vulnerability scans
5. Segment your networks

OIG plans to audit whether HHS's Office for Civil Rights (OCR) has performed periodic audits of hospitals to assess compliance with the Health Insurance Portability and Accountability Act (HIPAA) concerning its security, privacy, and breach notification rules. The audit will also examine CMS's certification process requiring hospitals to implement minimum security safeguards. OIG will conduct security assessments at ten U.S. hospitals to determine whether they have adequately implemented HIPAA security requirements.

Have you performed a HIPAA Security Risk Analysis to identify potential threats and vulnerabilities? HHS provides guidance on determining the scope of a risk analysis and the process you should take to identify weaknesses in your security program. Identifying your risks proactively and developing your remediation plan is key to protecting your data.

Contact us today to book an introductory call and identify potential risk areas.