The Department of Health and Human Services 2019 spring newsletter warned against the risk of Advanced Persistent Threats (APT) and Zero Day Exploits. An APT is a long-term cybersecurity attack that continuously attempts to find and exploit vulnerabilities in a target’s information systems to steal information or disrupt operations. A Zero Day Exploit takes advantage of a previously unknown hardware or software vulnerability. The hacker generally takes advantage of the lag between when the exploit is discovered and when it is patched.
HHS suggests security measures to help prevent or mitigate the impact of an APT and Zero Day attack. These include:
- Conducting risk analyses to identify risks and vulnerabilities
- Implementing a risk management process to mitigate risks
- Regularly reviewing audit and system activity logs to identify abnormal behavior
- Implementing procedures to identify and respond to security incidents
- Establishing and testing contingency plans
- Implementing access controls to limit access to ePHI
- Implementing access controls
- Encrypting ePHI
- Implementing security awareness training
A copy of the guidance may be accessed by clicking here.
