Risk: Not implementing the information system’s security protection tools to protect against malware.
Explanation: It is important that you complete regular and real time scans of your servers, workstations (including laptops and other electronic devices), and information systems so that you’re able to identify and respond to the known or suspected cases of security incidents. If you’re not implementing these protocols, the security of your ePHI and other critical business operations may get compromised.
Mitigation: Mitigation steps may include:
- Identifying the known or suspected cases of security incidents.
- Decreasing, as much as possible, the harmful effects of these incidents.
- Documenting these incidents and their potential outcomes.
- Employing automated mechanisms and tools to assist you in keeping a track of the incidents and collection and analysis of the information gathered as the result.
Success Criteria: Improved protection against malware, decrease in the incidence of malware attacks and mitigation in the compromise of the sensitive business components as the result of malware attacks.