HHS calls on health organizations to adopt new cyber security tactics to protect their organizations from new and persistent threats in a report from the Center for Cyber Security Coordination in the Health Sector of March 3.

HHS recommends that healthcare organizations further improve their defenses against the most common threats, but also to strengthen the security of new technologies that can be targeted by hackers.

Cyber attacks will hit the headlines in 2021 as hacker attacks and IT incidents affect government agencies, large companies and even supply chains for basic items such as fuel. In the field of health care, this year was even more tumultuous as cybercriminals used hospitals and health care systems that responded to the Covid-19 pandemic.

More than one healthcare provider is forced to cancel surgery, radiology and other services because their systems, software and / or networks are deactivated. And in late December, a critical vulnerability in the widely used Java-based software known as "Log4j" hit headlines warning of the potential dangers it could pose. security flaw for organizations of all sizes.

Such uncorrected vulnerabilities allow hackers to quickly gain access to an organization's computer server and potentially gain access to other parts of the network. These reports highlight why it is important for healthcare providers to be vigilant in their approach to cyber security. Given these risks, I would like to call on affiliates and business partners to strengthen the cyber position of your organization by 2022.

We often find that risk analysis only covers electronic medical records. I cannot give enough weight to the importance of business risk analysis. Risk management strategies must be comprehensive in scope. You need to fully understand where all your Electronic Health Information (ePHI) is located in your organization - from software to connected devices, legacy systems, and anywhere in your network.

Here are five tips that HHS recommends to health care organizations to improve their defenses by 2022:

1. Healthcare organizations are often the target of phishing attacks. This year, organizations must continue to test phishing programs and train employees on how to combat and identify phishing attacks.
2. Remote access technologies, such as virtual private networks or Remote Desktop Protocol technologies, should be used sparingly.
3. Analyze how your healthcare organization can threaten your suppliers, suppliers, business partners, customers, and service providers.
4. Be aware of new threats and new cybercriminals that could pose a threat to your healthcare organization.
5. Use government resources to protect health organizations from cyber security threats.