“Quit worrying about your health. It’ll go away.”
—Robert Orben
Top Story
All of the key players in security have released a joint statement of recommendations to reduce the chances of distributed denial-of-service incidents.
What Are Denial-of-Service Incidents?
A denial of service (DoS) is a type of cyberattack in which actors make a system’s network server unavailable to its intended users. A distributed denial-of-service (DDoS) attack occurs when multiple attacking machines flood a device. To do this, a threat actor will leverage botnets, groups of internet-connected devices that have been hacked. DDoS attacks have become more popular as more IoT devices are put online; these devices do not have the best IT security postures and can easily be compromised. Large attacks arrive from multiple networks.
How this Affects Medical Practices
DDoS attacks can prevent healthcare providers from accessing services such as bed capacity, data sharing services, and scheduling. This type of attack normally will not impair the integrity of a system and its data, but it is used to cover up more malicious attacks.
The Update
As the world is becoming more interconnected, maintaining the requirements to keep networks secure can be challenging for even the most advanced IT personnel and teams.
While it is impossible to completely avoid the risk of being targeted by DDoS attacks, there are steps that can be taken to reduce the effects should an attack occur. The recently released guide, Understanding and Responding to Distributed Denial-of-Service Attacks, aims to help leaders understand, prevent, and resolve DDoS attacks with minimal loss of money, time, and reputation.
Prior to an attack, organizations should identify critical assets and services, understand how users connect to networks, and enroll in DDoS protection services. By identifying the services that may be exposed to the public internet, and the ways that users connect to networks, organizations can find ways to mitigate disruption.
Government agencies recommend that organizations engage with internet service providers and cloud services, understand dedicated edge network defenses, review system/network design, and develop a DDoS response plan. The first signs of an attack are network latency, slow performance, high network traffic, and not being able to access websites.
Agencies affected by DDoS attacks are advised to contact technical professionals to block the attack and gain a firm grasp of its effects.
An organization needs to determine whether it is a direct or indirect victim of the attack. The network needs to be routinely monitored to deflect attacks, and to expose them as soon as possible should one occur.
Finally, organizations should provide an IP address to their ISP, enable a firewall, and deny Network Time Protocol to reduce the opportunity of being a reflector of future attacks.
The Bottom Line
The government agencies set three main guidelines for after an attack. They urge victims to monitor networks for another attack, update DDoS response plans, and create a baseline of regular network activity to be more aware of future attacks.
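One way to turn "create a baseline of regular network activity" into a working check is sketched below. This is an added example, not code from the guide or from this newsletter; it assumes you can export requests-per-minute counts from a firewall or web server, and the threshold `k` and the `sustain` window are illustrative values to tune.

```python
"""Baseline of regular network activity, then flag abnormal traffic volume."""
from statistics import median

def build_baseline(history):
    """history: (hour_of_day, requests_per_minute) pairs from normal days.
    Returns {hour: (median, MAD)} so busy clinic hours are not judged
    against quiet overnight traffic."""
    by_hour = {}
    for hour, rpm in history:
        by_hour.setdefault(hour, []).append(rpm)
    baseline = {}
    for hour, values in by_hour.items():
        med = median(values)
        mad = median(abs(v - med) for v in values)  # median absolute deviation
        baseline[hour] = (med, max(mad, 1.0))       # floor avoids a zero-width band
    return baseline

def flag_anomalies(baseline, observed, k=6.0, sustain=3):
    """observed: (label, hour, rpm) tuples in time order.
    Alerts once traffic has stayed above median + k*MAD for `sustain`
    consecutive minutes, so a single busy minute does not page anyone."""
    alerts, run = [], 0
    for label, hour, rpm in observed:
        if hour not in baseline:        # no normal data for this hour yet
            run = 0
            continue
        med, mad = baseline[hour]
        run = run + 1 if rpm > med + k * mad else 0
        if run >= sustain:
            alerts.append(label)
    return alerts

# Constructed sample data: a week of normal counts for 09:00 and 02:00.
HISTORY = [(9, v) for v in (110, 120, 118, 125, 115, 122, 119)] + \
          [(2, v) for v in (8, 10, 9, 12, 11, 10, 9)]
# Constructed observations: an overnight flood, then an ordinary morning.
OBSERVED = [
    ("02:10", 2, 95), ("02:11", 2, 130), ("02:12", 2, 160),
    ("02:13", 2, 158), ("02:14", 2, 11),
    ("09:00", 9, 121), ("09:01", 9, 140), ("09:02", 9, 117),
]

if __name__ == "__main__":
    print(flag_anomalies(build_baseline(HISTORY), OBSERVED))
```

The 02:10 reading of 95 requests per minute would pass unnoticed against a morning baseline; keeping a separate baseline per hour is what makes the overnight flood visible.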
Diamond of the Week
California 💎
In the past few days, the main players in the health care industry came to a resolution on how to get $19 billion more allocated to health care. This complex agreement involves taxing health insurance, investments, and funds being allocated from other areas. To read more about this deal click here.
Who’s the WOAT
Gov. J.B. Pritzker 😡
Governor Pritzker has decided to scale down a health care program that aids undocumented citizens. His goal is to keep the spending of this program at a $550 million cap, but in order to do that he is limiting the enrollment of individuals in the program. To read more about why he has made this decision click here.
Who Knew
The misconception: HIPAA prohibits medical providers from sharing personal information with one’s family members and/or friends.
Sorry, no! In reality, HIPAA allows healthcare providers to share relevant information with family members, friends, or other individuals involved in a patient’s care, as long as the patient has not expressed an objection or requested restrictions on the disclosure. This misconception can sometimes lead to misunderstandings and difficulties in communication between healthcare providers and patients’ support networks. It’s important for individuals to be aware that HIPAA seeks to strike a balance between protecting patient privacy and ensuring that necessary information is shared for effective healthcare coordination and support.
Upcoming Events
June 28th at 11 am CDT HIPAA $100 Challenge
July 27th at 11:15 am CDT The #1 Compliance Toolkit for Independent Medical Practices
A Round of Applause For…
South Central Behavioral Health Region 👏
Congrats to South Central Behavioral Health Region on renewing their contract with Carosh for another year! They have been a client since 2016 and take the privacy of their clients VERY seriously.
Sources:
- Rodriguez, Sarai. “CISA, FBI, MS-ISAC Provide Guidelines For DDoS Incident Response.” Health IT Security, 3 Nov. 2022, healthitsecurity.com/news/cisa-fbi-ms-isac-provide-guidelines-for-ddos-incident-response. Accessed 7 Apr. 2023.
- Carosh Compliance Solutions, 10769 Broadway #106, Crown Point, IN, 46307