CMS, the division of the HHS which provides “education and complaint-driven enforcement” of HIPAA regulations, announced suspicious activity in one of its systems this month. Unfortunately, information of approximately 75,000 individuals was accessed.
“While this is a small fraction of consumer records present on the FFE, any breach of our system is unacceptable.” – CMS stated in an October 19th, 2018 press release.
An Interesting Case Study
Watching how the government agency responsible for oversight of these types of incidents responds has been interesting. CMS has followed the same steps they advise other organizations use:
- Take immediate steps to secure the system by deactivating access to the affected system.
- Launch an internal investigation.
- Notify the appropriate legal authorities
- Coordinate efforts to notify, offer protections, and support to impacted individuals
The investigation is ongoing, but CMS confirmed no banking, federal tax information, or PHI was exposed during the breach.
An Unexpected Twist
Two days before the initial breach was announced, the U.S. Department of Health and Human Services (HHS), announced a new Security Risk Assessment tool for use by HIPAA-Covered entities. Boasting new usability features, the project included support from the Office of the National Coordinator for Health IT (ONC) and the Office for Civil Rights (OCR) – Federal agencies involved in HIPAA privacy regulations.
It is unlikely CMS will feel the sting of fines or public corrective action plans (read our Anthem Breach post). However, it is encouraging that CMS reported the breach and ‘walked the walk’ in handling the situation.
How Umbrella Can Help
Properly securing your system is not only wise but also a regulatory concern. The Umbrella ITMS 3.0 program addresses the constant barrage of threats from Ransomware, Phishing, and other attacks on your infrastructure.
At a high-level, our program offers:
- Drive Encryption
- Next Generation Firewall Security
- Security Awareness Training
- Advanced Email Security and Encryption
Knowing your system vulnerabilities and planning for the worst is how you can recover from a cyber-attack. For more information on how Umbrella can help your business improve system resiliency and put safeguards in place to combat Ransomware and other malicious attacks, please get in touch!