Question:

A pair of recent ransomware attacks crippled computer systems at two major American health care firms, disrupting patient care and exposing fundamental weaknesses in the US health care system's defenses against hackers. In both cases, federal officials and private cyber experts scrambled to try to limit the damage and get computers back online. Based on the HIPAA and FISMA security controls identified in the assigned readings, recommend two security controls for each of the 16 steps below to reduce the risk of future cyber incidents, and provide a brief rationale for how these controls reduce risk.

In addition to the HIPAA controls, the American Health Information Management Association (AHIMA), a professional association for health professionals involved in health information management, recently released 16 steps for creating a plan against cybersecurity attacks. They are listed below:

1. Conduct a risk analysis of all applications and systems. Any and all information, applications and systems stored by your healthcare organization could be compromised and must be addressed by your cybersecurity risk assessment.
2. Recognize record retention as a cybersecurity issue.
3. Patch vulnerable systems.
4. Deploy advanced endpoint security solutions that provide more effective protection than standard antivirus tools.
5. Encrypt all workstations, laptops, smartphones, tablets, portable media and backup tapes.
6. Improve identity and access management.
7. Refine web filtering (block bad traffic).
8. Implement mobile device management.
9. Develop an incident response capability.
10. Monitor audit logs of selected systems.
11. Leverage existing security tools such as Intrusion Prevention/Detection Systems.
12. Evaluate current and potential business associates (per the HIPAA Security Rule).
13. Improve tools and conduct an internal phishing campaign to teach employees what the red flags in emails are.
14. Have an outside cybersecurity firm execute technical and non-technical evaluations.
15. Apply a Defense in Depth strategy. Review access control protocols, evaluate security policies to make sure they incorporate current cybersecurity best practices, review audit logs regularly, consider your healthcare entity's cybersecurity attack response capabilities and conduct tabletop drills.
16. Detect and prevent intrusion. Monitor your hospital network for nefarious activity with anomaly detection or signature-based methods. Intrusion detection systems can produce reports and trends that could indicate a cybersecurity attack or breach.
