FTC Published the Basics of Preventing Data Breaches

Next-generation firewalls, intrusion detection systems, insider threat control solutions, and data encryption can help healthcare providers lower risk, avert security breaches, and identify attacks quickly when they do occur. Nevertheless, it is essential to remember the fundamental principles of security. The Office for Civil Rights breach website is filled with cases of HIPAA data breaches that were caused by the most basic of errors and security flaws.

Strong security should begin with the basic principles, as the FTC has recently discussed in a series of articles. The articles are meant to help organizations enhance data security, avert data breaches, and avoid regulatory penalties. Although the articles are not specifically focused on healthcare institutions, the material covered is pertinent to organizations of different sizes in all market sectors.

The articles are particularly appropriate for small to medium-sized healthcare institutions that are having difficulty managing data security.
The articles are the perfect starting point for making sure that all security principles are covered. They include the 10 basic security principles that the FTC examines when looking into complaints and data breaches. The articles draw on cases the FTC dealt with and 60+ complaints and orders, such as settlements reached with companies that failed to implement proper security controls. The FTC also listened to the problems businesses experienced when trying to protect sensitive data, and offers helpful tips for dealing with those problems.

Although the FTC took action against companies, most cases were closed without needing further measures. Organizations may have experienced data breaches, but knowing the basics enabled them to implement appropriate data security controls. Though cyberattacks or other security incidents were not prevented, the controls were enough to avoid financial penalties.

The same principles apply when the Office for Civil Rights investigates HIPAA data breaches. Breaches with over 500 records are investigated by OCR, but only a very small proportion of the 2,000+ data breaches submitted to OCR ended in a financial penalty. If you would like to avoid an FTC or HIPAA fine, it is necessary to understand the basics. Not understanding the basics can turn out to be very costly.

The FTC's articles cover these facets of data security:
1. Begin with security.
2. Regulate access to data smartly.
3. Demand strong passwords and authentication.
4. Store sensitive personal data securely and safeguard it during transmission.
5. Segment your network and keep track of who's attempting to log in and out.
6. Safeguard remote access to the network.
7. Implement good security practices when creating new products.
8. Be sure that service providers carry out sensible security controls.
9. Put procedures in place to keep your security up to date and handle vulnerabilities that may crop up.
10. Protect paper, physical media, and devices.

The FTC compiled the articles into the Start with Security brochure to share the important lessons learned from FTC cases as 10 basic principles that companies of any size can manage. Check out this resource here. HIPAA-covered entities are also advised to subscribe to OCR's cybersecurity newsletter to get updates on new threats and learn the steps that should be taken to enhance security and keep ePHI safe. Sign up for the newsletter here and check out the Security Rule guidance material that HHS published here.