Want to Prevent a Data Breach? Train Your Staff

Simply creating policies and procedures (P&P) to safeguard ePHI and conducting a comprehensive risk assessment won’t prevent data breaches. Instituting technical safeguards works only up to a point. The Security Rule requires you to enforce compliance through your workforce. How will they understand precisely what compliance with HIPAA, HITECH, and the affiliated rules means, and what constitutes a violation, unless they have been trained?

Make It an Ongoing Affair

As a covered entity, you are required by the Security Rule to train your staff before granting any authorization to access ePHI. They must be trained on the requirements of HIPAA, HITECH, and the affiliated rules, plus your policies and procedures on how to ensure the confidentiality, integrity, and availability (CIA) of all PHI and ePHI. They should understand the limits on access to, and disclosure of, any PHI. You might need to carry out the training in phases to avoid mass confusion among staff. They’ll be less anxious when they realize that they can get doubts clarified in the next round.

Try this: Set aside a particular time during the work day, sometime mid-week, for personnel who have doubts to seek clarification from a designated individual: your security officer or whoever else is in charge of training. Check that new employees receive appropriate HIPAA training upon being hired. Ensure that all existing employees receive appropriate HIPAA compliance training at least annually.

Keep Updating Information for Your Team

Whenever HIPAA or related health information regulations/rules change, ensure that all personnel receive updated training. List all security awareness and training programs, and evaluate their content against the standard. This will enable you to identify any gaps in the training program. The incident response team and employees handling a data breach must be given the training they need to work in their roles and to carry out their responsibilities during an incident, or when an incident is suspected.

Have You Defined Any Punitive Actions for Personnel Who Violate Prescribed P&P?

It is essential that you define punitive actions to be taken against personnel who violate prescribed policies and procedures. Once they are fully aware that violations of P&P may even cost them their jobs, associates will be disinclined to indulge in any willful transgressions. They must understand that unauthorized viewing of any type of care given to a family member or close friend also constitutes a violation of HIPAA.

About the Author: Amit Sarkar (Lead Auditor, MBB Quality)

Amit Sarkar is a global HIPAA compliance expert with more than 2 decades of experience in U.S. healthcare and various other domains, and holds globally recognized certifications in quality and compliance.

He has handled end-to-end compliance programs related to HIPAA, Information Security, and Regulatory and Statutory compliance for multimillion dollar organizations that have a presence across the globe. He is the leader and the driving force behind HIPAA Institute, a business unit with a vision of making a major part of the US healthcare industry 100% HIPAA compliant by the year 2020.

eSentire Included in Gartner’s Managed Detection and Response Services Market Guide for Third Consecutive Year

Cybersecurity Innovator Offers the Only Pure-Play MDR Service Available in the Marketplace

CAMBRIDGE, ONTARIO – June 15, 2018 – eSentire, Inc., the largest pure-play Managed Detection and Response (MDR) provider, today announced its inclusion as a representative vendor in Gartner’s 2018 Market Guide for Managed Detection and Response Services. This marks the third consecutive year that eSentire was included in the guide since its launch in May 2016.

Market demand continues to climb, fueled by midsized businesses seeking turnkey managed threat detection and response services. Gartner states that “approximately 25% of all inquiries in 2017 related to acquiring security event monitoring services were specifically about MDR,” and predicts that “by 2020, 15% of organizations will be using MDR services, up from less than 5% today.”

“Digital transformation is outpacing the abilities of traditional prevention and protection security methods,” said Kerry Bailey, eSentire CEO. “Distributed assets and an expanding threat surface continues to accelerate business risk. Traditional prevention must be paired with detection and response. When we think about MDR evolution, complete visibility into a customer’s environment is foundational. Without enriched signals and deep forensic information from across endpoints, the network, cloud, and other log sources, it’s impossible to detect and respond to an attack in near real-time. Ultimately, it’s about disrupting your adversary before they cause a business altering event.”

According to the guide, “Gartner clients state that they want more comprehensive threat detection and response services than are typically provided by many MSSPs” and see the value in MDR services that include advanced detection and containment tools like managed endpoint detection and response (EDR).

Covert techniques targeting the endpoint are on the rise. eSentire Threat Intelligence reports that 91% of critical Q1 2018 security events resulted from endpoint events which retrieved and executed malicious code from remote sources through known, legitimate binaries, like PowerShell or MSHTA. These processes are used by opportunistic and targeted threats alike, allowing them to circumvent basic controls to deliver and install malware.

In late January 2018, an eSentire advanced threat analytics operation (powered by machine learning and coined “Blue Steel”), detected an adversary leveraging an unknown exploit in Kaseya’s Virtual System Administrator (VSA) product to deploy crypto miners across the infrastructure of a small number of eSentire customers. The attack broadly targeted the trusted system of MSPs and cloud platforms through Kaseya VSA endpoint agents for initial access to deliver malicious scripts. eSentire discovered the threat and notified Kaseya of the intrusions, resulting in multiple security fixes.

eSentire MDR aggregates and combines all signals across the entire threat surface at scale, with expert analysis augmented by machine learning. The company touts a 99.97% false positive reduction by maximizing security analyst efficiency through automated event suppression.

For more information about eSentire MDR, visit: https://www.esentire.com/what-we-do/managed-detection-and-response/.

About eSentire:

eSentire® is the largest pure-play Managed Detection and Response (MDR) service provider, keeping organizations safe from constantly evolving cyber-attacks that technology alone cannot prevent. Its 24×7 Security Operations Center (SOC), staffed by elite security analysts, hunts, investigates, and responds in real-time to known and unknown threats before they become business disrupting events. Protecting more than $5.7 trillion in corporate assets, eSentire absorbs the complexity of cybersecurity, delivering enterprise-grade protection and the ability to comply with growing regulatory requirements. For more information, visit www.esentire.com and follow @eSentire.

Products, service names, and company logos mentioned herein may be the registered trademarks of their respective owners. All rights reserved.

* Gartner, Managed Detection and Response Services Market Guide, Toby Bussa, Kelly M. Kavanagh, Sid Deshpande, Craig Lawson, and Pete Shoard, June 2018.

Gartner Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

PR Contacts:

Angela Tuzzo, MRB Public Relations for eSentire, +1 732.758.1100, x. 105, atuzzo@mrb-pr.com

Mandy Bachus, eSentire Corporate Communications, +1 226.338.7135, mandy.bachus@esentire.com