Cybersecurity Policies
While the HIPC has not been updated since 2018, a review of recent data breaches in healthcare suggests that the identified threats are still relevant. For example, a 2019 study by the Journal of American Medicine of 95 simulated phishing campaigns at six US health care institutions noted that almost one in seven test emails sent were clicked by employees [4]. And recently, a ransomware attack affected 250 Universal Health Systems facilities, taking their systems offline for almost a week [5]. These reports agree with the 2020 HIMSS Cybersecurity Survey, which noted that the top security events included phishing events, harvesting and ransomware [6].
Other Programs and Processes
On April 14th, 2021, the Department of Labor (DOL)
issued cybersecurity guidance to plan sponsors and fiduciaries,
recordkeepers and other service providers, and participants and
beneficiaries of plans regulated by the Employee Retirement Income
Security Act of 1974, as amended (ERISA). The guidance
is presented in three separate parts: Tips for Hiring a Service Provider with Strong
Cybersecurity Practices, Cybersecurity Program Best
Practices, and Online Security Tips for Participants and
Beneficiaries.
Over the past ten years, cybersecurity has become an area of
critical importance to plan sponsors, plan administrators and plan

The Department of Labor (DOL) has issued its first-ever guidance¹
on cybersecurity for ERISA-regulated retirement
benefit plans. This guidance comes shortly after the Government
Accountability Office (GAO) released a report² calling
on the DOL to clarify how plan administrators should address
cybersecurity risks for defined benefit plans. The DOL's
guidance, which suggests combating cybercrime should be a priority
for plan sponsors and fiduciaries, also provides tips to
participants and beneficiaries on how to guard against cyber
threats.
The guidance has three parts: one directed at plan sponsors, one
directed at record keepers and service providers, and one directed
at plan participants.
DOL Issues New Guidance On Cybersecurity For Retirement Benefit Plans - Employment and HR - mondaq.com
The DOL's Employee Benefits Security Administration
(EBSA) provided new guidance for plan sponsors,
fiduciaries, participants and record-keepers concerning best
practices for managing cybersecurity. This is the first time the
EBSA has provided cybersecurity guidance. (See also GAO retirement
plan guidance issued in February 2021: Defined Contribution Plans: Federal Guidance Could
Help Mitigate Cybersecurity Risks in 401(k) and Other Retirement
Plans.)
The DOL asserted that plan participants and plan assets may be at risk from both internal and external cybersecurity
threats, and that ERISA requires plan fiduciaries to