Many healthcare organizations are attempting to renew their cyber insurance policies and being hit with requirements without warning. While these requirements can be defenses against ransomware, they can be costly and time consuming. Here is a heads up on what we’ve seen insurers requiring recently:
- Multi-factor Authentication (MFA)
- MFA for all employees when accessing email through website or cloudbased service
- MFA for all remote access users. Including contractors and third-party service providers
- MFA for all administrative accounts
- Have a patch management process implemented
- Fully documented, and tested, backup and recovery procedures
- Vendor management IT controls
- How is initial access requested/approved
- How is it disabled when no longer needed
- Review process to determine it is still needed
- Use of endpoint detection and response (EDR)
- Regulatory factors that impact the organization, both U.S. and internationally
- Encouraging regular vulnerability scans and analysis
- Additionally, some brokers ask about the use of SolarWinds
We suggest reaching out to your organization’s cyber insurance provider to see what, if any, controls they will be requiring before renewal so your organization can get started on implementation!
Learn how BlueOrange Compliance can help you protect your organization and the people you serve by calling 855.500.6272, or request a free consult.
