HIPAA Journal posted an article about a New Jersey Spine Center that suffered a ransomware attack, which resulted in their Electronic Health Records (EHR) getting encrypted, among other things. As you read the article, I want you to think about 4 things besides the obvious antivirus question:
- Is your staff properly trained to identify malicious emails and what to do if they receive one?
- Are your Breach and Disaster Recovery Plans up to date and tested?
- Do you have local and offsite cloud backups?
- Do you have event logging enabled to capture recent network activity?