It’s Your Call October 2020

OSHA:
We have KN95 face filtering respirators (FFRs) from China. What is OSHA’s guidance about a written respiratory plan and fit test for respirators?

In the April 3, 2020 enforcement memorandum, Federal OSHA explains why a written respiratory plan and fit test are required with the use of FFRs and air-purifying elastomeric respirators that are certified under certain standards in other countries or jurisdictions. During shortages, Federal OSHA permits the use of alternative respiratory protective measures when the assigned protection factor from these devices is greater than or equal to 10, and KN95s are included on the list.
Consider documenting your employer’s good faith effort to use other protective measures (e.g. partitions), to implement the CDC’s strategies to monitor and prioritize the use of supplies, and to obtain other appropriate alternative FFRs, reusable elastomeric respirators, or PAPRs.

HIPAA:
Are there certain hacker groups that target the healthcare industry?

In a recent article, Health IT Security mentions 5 hacker groups that target the healthcare industry. The Maze hacking group was the first to successfully use double extortion, which is when hackers gain quick access into networks through vulnerable devices and exfiltrate sensitive data. Other groups such as the NetWalker, REvil, Pysa, and SunCrypt hackers soon followed. The Dark Overlord (TDO) is another notorious hacking group.

Covered entities and business associates continue to pay large settlements because they fail to conduct a risk analysis, implement risk management and audit controls, and implement sufficient security measures to reasonably reduce risks and vulnerabilities. Insufficient attention to these areas could undermine the security of any business.