Online Webinar 2019 - Cybersecurity Practices for Health Care Organizations — Cybersecurity Act Task Force Recommendations by Jim Sheldon-Dean

Session Highlights
At the conclusion of the session, participants will be able to:
1. Understand how the HIPAA Security Rule addresses Cybersecurity, and how to use the rule to prevent cyber-attacks.
2. Learn about the Cybersecurity Act of 2015, Section 405(d) Task Group reports, including in-depth explorations of the top five current threats and ten practices to deal with them, in large and small organizations.
3. Learn how Cybersecurity is different from other kinds of security issues and why it deserves special attention.
4. Learn about the NIST Cybersecurity Framework and how to use it to prepare for and respond to Cybersecurity events.
5. Understand the importance of regular, repeated training to help prevent the initiation of an attack on your systems.
6. Learn how to respond to and follow up on an attack that may result in a breach of information.
Who Will Benefit
• Compliance director
• CEO
• CFO
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/lawyer
• Office Manager
• Contracts Manager
Overview
Healthcare information has been protected according to regulations under the Health Insurance Portability and Accountability Act (HIPAA) since 2003 but new attacks by malicious external actors (hackers) pose new threats to the confidentiality, integrity, and availability of Protected Health Information (PHI). The National Institute of Standards and Technology (NIST) has released Cybersecurity guidance to assist with preparations to avoid and respond to threats, and the Cybersecurity Act of 2015 has resulted in guidance in Health Industry Cybersecurity Practices, with implementation guidance for both small and large organizations, identifying five current threats and ten practices to deal with them.
If you are not prepared to deal with Cybersecurity issues your organization can be brought to its knees. More than one healthcare entity has had to scrap its entire IT infrastructure to recover from an attack, at a cost of millions of dollars, and entities that are not sufficiently prepared to deal with Cybersecurity issues may receive penalties from the US Department of Health and Human Services if a breach occurs.
Now is the time to be sure your Cybersecurity stance is strong and resilient and follows recommendations by HHS, NIST, and the Cybersecurity Act of 2015, Section 405(d) Task Group.
In this session, we will examine how following the requirements of the HIPAA Security Rule and specifically taking into consideration cyber-threats can help a healthcare entity prepare itself to defend against cyber-attacks and the significant impacts to privacy, security, and patient care and safety that can result. We will learn about the latest guidance and tools for assisting in preparation and response to cyber-attacks, and what to do if the attack is successful and creates an incident that must be managed and recovered from.
Dealing with Cybersecurity begins with prevention of issues through good practices, good training, and good people who know how to do the right thing. It is important to take reasonable precautions that follow good network practices for preventing and isolating malicious activity, including anti-malware, complex firewalling and network segmentation, and monitoring. Staff and all users must be trained to not be the attack vector when a malicious actor sends a message that includes a link or attachment that can launch a devastating attack on your services and practices.
Overall, following the practices established in the HIPAA Security Rule and recommended by the Cybersecurity Act of 2015, Section 405(d) Task Group can help prevent Cybersecurity incidents through appropriate consideration of current issues, including Cybersecurity, in Risk Analysis and Risk Mitigation planning.
When an incident does occur, it is important to have a prepared plan for how to evaluate and respond to incidents so that any damage is minimized and the appropriate notification of breaches takes place. And, finally, any incident is an opportunity to learn how to do better the next time through better avoidance and better response to Cybersecurity incidents.
Instructor Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities. He is a frequent speaker regarding HIPAA, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference. Sheldon-Dean has more than 19 years of experience specializing in HIPAA compliance, more than 37 years of experience in policy
analysis and implementation, business process analysis, information systems and software development, and eight years of experience doing hands-on medical work as a Vermont certified volunteer emergency medical technician. Sheldon-Dean received his B.S. degree, summa cum laude, from the University of Vermont and his master’s degree from the Massachusetts Institute of Technology.