Resource Search Results

Considerations for Sustaining a Culture of Cybersecurity: Part II: Cybersecurity Risk and Preparation (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Considerations for Sustaining a Culture of Cybersecurity: Part I: Understanding the Essentials (2022). Resource Type: Archived Webinar. Description: With the rise in cyberattacks of government agencies and large-scale companies, organizations large and small are questioning if they are doing all they should to protect their data. More Details...

Telehealth Office Hours: Cybersecurity Best Practices (2021). Resource Type: Archived Webinar. Description: This webinar tackles the issue of cybercrime and provides our top 15 Cybersecurity Best Practices that every organization should be doing to protect themselves and the communities they serve. More Details...

Strategic Cybersecurity Investments: Leveraging American Rescue Plan Funding to Enhance Infrastructure and Services: HITEQ Highlights webinar (2021). Resource Type: Archived Webinar. Description: Healthcare continues to be the sector most targeted globally by ransomware and related malware attacks and leads in the average total cost of data breach across industries. The FY 2021 American Rescue Plan Funding provides an excellent opportunity for Health Centers to make strategic investments in cybersecurity infrastructure and services. This HITEQ Highlight, presented by Adam Kehler of Online Business Systems provides an overview of assets that can increase Health Center cybersecurity. Topics covered include cybersecurity infrastructure and services that can increase defense-in-depth for health IT, including EHRs, telehealth tools and services, mobile medical devices, patient portals, and related health information software applications. More Details...

Cybersecurity Checklist for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: This PDF checklist, developed by HITEQ, provides a guide for health center staff to mitigate cybersecurity risks and threats during times of emergency and incident response that have them working remotely from the health center. More Details...

HITEQ Highlights: Health Center Defense Against the Dark Web: Strategies for Building Security Awareness, Education, and Compliance in 2020 (2020). Resource Type: Archived Webinar. Description: This HITEQ Center webinar explored key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. This webinar sought to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection were covered with an emphasis on health center-wide information protection. More Details...

The Roadmap to Becoming a Data-Driven Organization l: Understanding the Foundational Elements of Business Intelligence (2020). Resource Type: Archived Webinar. Description: This webinar will discuss the key components of developing an effective business intelligence program. Participants will learn how to retrieve accurate data and analyze it based on strategic goals that impact patient care delivery, health outcomes and business operations. \ More Details...

Cyber Security Risks — COVID-19: Best Practices for Health Center Staff Working Remotely (2020). Resource Type: Publication. Description: The number of COVID-19 cases continue to increase throughout the United States, requiring more and more of our health systems to rely on employees working from home at times. While some of us are required to "shelter-in-place," unfortunately that shelter can create increased risks such as cyber security breaches. With good planning, policies, and employee and family education, health centers can minimize risk and support their employees while working remotely. This presentation will inform your Health Center remote workers on best practices for increasing cybersecurity at home. More Details...

Strategic Cybersecurity Breach Protection and Incident Response: Guidance and Resources for Health Centers (2019). Resource Type: Other. Description: This is Part 2 of HITEQ's Health Center Defense Against the Dark Web presentation series. This presentation provides general knowledge about breach mitigation and planning strategies for incident response. More Details...

Health Center Defense Against the Dark Web Presentation: Strategies for Building Security Awareness, Education and Compliance (2019). Resource Type: Other. Description: This cybersecurity presentation explores key concepts and best practices that should be followed by Health Centers seeking to develop Defense in Depth and effectively implement hardened security programs at their sites. Part 1 of this series will seek to motivate and educate the health center workforce on critical privacy and security concepts and methods for defense. Aspects of Security Risk Assessment, security awareness training, and breach protection will be covered with an emphasis on health center-wide information protection. More Details...

Health Center Security & Compliance System Implementation Guide: 1/1/2019 (2019). Resource Type: Publication. Description: This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. There are ever-increasing cybersecurity guidelines and protection measures that Health Centers must navigate and digest. Newer and rurally located Health Centers can especially benefit from guidance and decision support that assists them in determining how to implement systems in a manner that meets compliance requirements and doesn’t expose information to undue security risk. Identifying and managing these types of risk can be especially important when procuring new Health IT e.g. EHRs, Medical Devices, Data Warehouses for the Health Center. This toolkit provides a framework for Health Centers to evaluate compliance and security concerns as they purchase, adopt, and implement technology solutions. Every time a Health Center adopts and implements newly procured technology, they could be exposing themselves to compliance gaps and security risks. Often these topics are addressed after the solution is implemented and are an after-thought. Unfortunately, the later in the adoption process that security is considered, the costlier it becomes to address as it may require redesign or reconfiguration of software, systems, and processes. Especially important for covered entities, like Health Centers, is for this process to meet the regulations outlined within HIPAA. Throughout this document, the related HIPAA requirements are highlighted within each section so as to better understand where this process sits within broader security risk assessment SRA practices. In the Appendix of this guide is an EHR/Health IT Systems checklist that can be used as an implementation interview guide when procuring new resources. This guide can help organizations identify security concerns and design the appropriate solution starting at the design and vendor-selection phase, thereby increasing the likelihood that security will be considered fully throughout the implementation process. Download the full toolkit below, which includes the following sections: System overview Information classification and inventory Business Associate Agreements and Contracts Risk Analysis Identity management Encryption Auditing and logging Contingency planning Workstation requirements Patching Security testing Vendor and developer access Physical security Network segmentation More Details...

Health Industry Cybersecurity Practices: Managing Threats and Protecting Patients (2019). Resource Type: Publication. Description: Cyber threats to healthcare entities put patient health, business continuity, and IT systems at risk. Under the auspices of the Cybersecurity Act of 2015 (CSA), Section 405(d), HHS convened the CSA 405(d) Task Group to enhance cybersecurity and align industry approaches by developing a common set of voluntary, consensus-based, and industry-led guidelines, practices, methodologies, procedures, and processes that healthcare organizations can use to enhance cybersecurity. More Details...

Creating and Managing Strong Passwords at Your Health Center: Guidance in relation to updated NIST security requirements and HIPAA (2018). Resource Type: Publication. Description: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  Question: Is it acceptable/recommended for health centers to adopt the new password policy guidelines under NIST Special Publication 800-63B and will that still uphold the HIPAA security rule? This question had been posed to the HITEQ Center asking whether we had any guidance or recommendations on implementing the new NIST Guidelines regarding password security.  New Digital Identity Guidelines under NIST Special Publication 800-63-B presents new guidelines regarding password security that are much more user-friendly and consequently more likely to be observed by health center staff since constantly changing, complex password on multiple systems can be a source of frustration for the end user.  After consulting with HITEQ cybersecurity experts and consultants who have helped publish cybersecurity guidelines, the recommendations outlined below were communicated. Answer: The short answer is Yes. HIPAA is not prescriptive and takes the general stance that authentication mechanisms should be “reasonable and appropriate” for the risk they present. Being able to say that you are implementing NIST Standards is a good way to show that you are implementing “reasonable and appropriate” controls. Some standards are relaxed in regards to password change and complexity, those items shouldn’t be taken in isolation. The additional controls in the 800-63 recommendations should also be put in place and can include: Having users check passwords against password lists from breaches e.g., https://haveibeenpwned.com/Passwords  Increasing the length requirements Getting rid of password reminder questions Increasing usability Further Guidance from NCCIC/US-CERT: NCCIC/US-CERT reminds users of the importance of creating and managing strong passwords. Passwords are often the only barrier between you and your personal information. There are several programs attackers can use to help guess or "crack" passwords. However, choosing strong passwords and keeping them confidential can make it more difficult for others to access your information. NCCIC/US-CERT recommends users take the following actions: Use multi-factor authentication when available. Use different passwords on different systems and accounts. Don't use passwords that are based on personal information that can be easily accessed or guessed. Use the longest password or passphrase permissible by each password system. Don't use words that can be found in any dictionary of any language. Refer to Tips on Choosing and Protecting Passwords and Supplementing Passwords for best practices and additional information. More Details...