Hospital group provides guidelines for protecting information

A Virginia Hospital & Healthcare Association task force has developed a set of guidelines to help hospitals and health systems guard against cyberattack.

The guidelines are based on three key principles:

• Educating employees about safe, responsible use of computer systems to help avoid infiltration.

• Developing and implementing prevention plans that operates automatically and are an integral part of a health system’s processes and security protocols.

• In the event of a security breach, implementing an established security incident response and continuity plan.

The task force developed nearly two dozen recommendations. These guidelines will be updated to respond to developments, safety protocols, emerging threats, and other factors.

The task force included health-care information security officers from hospitals and health systems across the state.

During the 2017 General Assembly session, VHHA promoted legislation to add penalties to state law for the use of ransomware to compromise health care computer systems containing private medical information.

The legislation called for making it a Class 5 felony to use ransomware that denies users access to their data. The legislation did not pass during the 2017 session.