September 05, 2019

OCR Publishes Summer 2019 Cybersecurity Newsletter

On August 29, 2019, the HHS Office of Civil Rights (OCR) published its latest Cybersecurity Newsletter, providing guidance on how to manage malicious insider threats. The 2019 edition of Verizon's Data Breach Investigations Report found that employees inside an organization were responsible for 59% of all security incidents and breaches. both malicious and inadvertent. In order to identify suspicious activity and mitigate any harm, OCR, among other things, recommends that an organization understand where its data is located, the format in which the data resides, and where its data flows throughout the enterprise. In addition, an organization should establish who is permitted to interact with its data and what data those users are permitted to access in determining appropriate access controls.