Major HIPAA Update: Cyber Incident Reporting for Critical Infrastructure Act
Without specialized support for IT, Cybersecurity, and HIPAA compliance, you are putting your practice, employees, patients, and career at risk. Under-protected practices are experiencing compromised data, lost revenue, damaged reputations (beyond repair), and now run the risk of repercussions from The Department of Justice and HHS. IT, cybersecurity, and HIPAA compliance are glaring weaknesses in the Dental Industry, and as of 2022 cyber criminals have made Dental Practices (and the Healthcare Provider Sector as a whole) the number one target for ransomware and other cyberattacks. The time to put a comprehensive plan in place is NOW.
As of March 15th, 2022, Dental Practices are subject to The Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA). This means specialized support for IT, Cybersecurity, and HIPAA compliance isn’t just a nice addition; it could be a practice-saving one.
What Does It Do?
The new law mandates the reporting of cyberattacks (of ANY kind) to the Cybersecurity and Infrastructure Security Agency (CISA) of the Department of Homeland Security. CIRCIA creates a partnership between CISA and Health and Human Services, defines reporting requirements, and establishes escalation to the Department of Justice for non-compliance.
Who is Accountable?
CIRCIA, signed after a ramped-up focus on cybersecurity and amid growing concern about retaliatory attacks targeting the US due to the Russian invasion of Ukraine, establishes reporting requirements of 72 hours for “cyber incidents” and 24 hours for ransomware payments to CISA by the “covered entity”. As part of one of the sixteen critical infrastructure sectors, Dentists (#2 named profession under the healthcare providers sector, as shown below) will be held accountable. Those impacted will also be required to preserve all forensic data during or immediately following an attack. Too many substandard IT practitioners have wiped and reloaded data without a proper investigation. This ends now.
Am I Safe?
The majority of Dental Practices in the USA do not have the basic but critical infrastructure in place (Actively Managed Firewalls, Security Software, Backups, Dental-Specific IT, Cybersecurity experts, or comprehensive HIPAA compliance management) to prevent, mitigate, or recover from a cyber-attack, let alone handle these new reporting requirements. Without adequate preparation and response, Dental Practices will be subject to a subpoena, and failure to comply may result in the referral of the matter to the Department of Justice. Those who can prove proper risk analysis and an ongoing security management plan will face no financial penalty. Can you prove that you are covered?
But I Already Have IT
Dental Practices will scramble to comply with this law. Worse, without an adequate plan in place, your data may already be compromised. With ePHI vulnerable to attack in both server and cloud-based environments, anything other than Dental-specific IT is insufficient and is likely to result in vulnerability, financial loss, downtime, and now, government-mandated repercussions. Managed Service Providers are literally named in this bill. If you don’t have one, you need one.
What Do I Do Now?
Step one in avoiding this growing threat is putting the right prevention measures in place. As Dental Practices require specific knowledge (as outlined by this bill), professionals with industry knowledge can offer insight into your current vulnerabilities, offer solutions to safeguard your practice, and, in the event of an attack, help you meet reporting requirements and get you on the road to recovery as efficiently as possible.
To learn more about the prevention and mitigation measures in place at Darkhorse Tech and how we recommend covering your Cybersecurity and HIPAA compliance, please reach out to us for a complimentary IT audit.
About Darkhorse Tech
Whether you’re just starting out or a well-established organization, Darkhorse Tech has the experience and technology to help get you moving, cut costs, and streamline your operations via unlimited IT support. We are here to help you do what you do best: focus on providing top-notch care and service for patients – not dealing with IT problems, lag time spent talking with technical support, or complicated technological mishaps. Unlimited IT support services help the whole team work efficiently without worrying about significant system issues or constant interruptions.
Our additional security services include:
- Unlimited Remote and/or On-Site IT Support of All Your Hardware and Software
- Improved Network Performance and Security
- HIPAA Compliant Off-Site and Local Backup Service (Darkhorse Secure Backup)
- Managed Antivirus, Anti-Malware, and Anti-Ransomware (Darkhorse Security Products)
- Compliance & Security Laws Standards
- Microsoft Security Patch Management
- Vendor Management: We will be on the phone, not your employees
- Secure, Remote Access to Your Office
- Firewall Management
- Network Management
- Long Term Planning and Budgeting
Contact us anytime if you want to learn more about our dental-specific solutions and unlimited support packages. Our friendly customer service team will get back to you in no time.
Let’s get started. Call us today at 800.868.4504