With so many advances in technology, almost all healthcare practices now store sensitive patient data electronically. Because of this rapid digital transformation in record keeping, it is vital that healthcare professionals ensure that they are keeping patient data secure. The healthcare industry is an attractive target for cybercriminals because of the lucrative personal data collected: name, Social Security Number, email address, home address, date of birth, and sometimes even credit card numbers. The need to protect these organizations from cyber-attacks is at an all-time high; not only can hackers cause a breach by gaining access to patient data, but they can also put patients’ lives at risk. Below are 9 useful tips to help improve healthcare cyber security in your practice and help reduce the chance of a cyber-attack.
- Develop a security mindset. Cyber security within an organization must first begin with a security mindset. One of the largest challenges users face in developing this mindset is overcoming the notion that “it won’t happen to me, it only happens to other people.” The reality is that the users cyber criminals target do not fit into a certain profile; anyone and everyone is a target. For any security measures to be effective, you must first understand that you are a target - just like everyone else - and become willing and able to enforce policies that require security safeguards to be used.
- Ensure that your staff is trained on cyber security protocols. The weakest security link in your practice is the user, especially an untrained, uninformed user. Without training, users may not even realize they could be creating vulnerabilities in your security and may easily fall victim to a phishing attack that can cause a significant data breach. The first step to implementing security policies is to train your staff so that they know the proper measures to take. By enforcing these measures and keeping your staff regularly informed and educated on them, your practice as a whole will become more secure.
- Keep your Windows operating system and software up-to-date. We covered the necessity of Windows updates a few months back in the article “Windows Updates: Stop Ignoring Them.” Keeping your operating system and software up-to-date is crucial as most updates contain security patches to fix any flaws that could allow hackers or malware to sneak in and steal or destroy data on your computer. Users who overlook and ignore system and software updates make themselves prime targets for cyber-attacks.
- Install antivirus software. Antivirus software provides continuous protection for your systems. Without it, data can be stolen, altered, or deleted and hackers could take control over the machine. The latest antivirus should be installed on each of your machines and should be updated regularly to protect against the newest viruses and malware. If you are in need of reliable, managed antivirus software, give us a call and we will help you out.
- Use a firewall to protect against outside threats and intrusions. While it is the antivirus software’s job to find and destroy anything malicious that has already entered your system, the firewall will help prevent malicious intruders from entering in the first place. The firewall scans each incoming message from the Internet or local network and determines whether or not the message should be allowed in. A strong, effective firewall works to protect your network connections by inspecting and controlling the incoming and outgoing stream of data.
- Use strong passwords and store them in a secure place. A password should be required every time you log into one of your systems and again when you log into any software that contains sensitive data (e.g. Medisoft, Clinical, etc.). We recommend passwords be at least 8 characters in length, with a combination of capital and lowercase letters, numbers, and at least one special character. We also recommend that you change passwords on a regular basis, for example every 60-90 days. If you have difficulties remembering passwords, there are secure apps available that allow you to keep track of all passwords. Whichever way you decide to store them, make sure each user’s password is stored in a secure place that only that user has access to. Under no circumstances should any passwords be written on sticky notes and stuck to computer monitors… or anywhere else for that matter.
- Conduct a Risk Assessment on a regular basis. The HIPAA Security Rule requires that covered entities and their business associates conduct a Risk Assessment of their healthcare organization. A Risk Assessment helps document potential security vulnerabilities, threats, and risks. By conducting a Risk Assessment on a regular basis (we recommend once a year), you will have a clear understanding of any security issues that may be present.
- Control access to patient data. Cyber criminals who gain access to patient data use that data to commit identity theft, hack into bank accounts, and cause a great deal of damage. Under HIPAA, it is your responsibility to ensure that your patients’ data remains confidential and secure. Access should be carefully controlled so that only authorized users can use programs with sensitive data. You can assign certain rights and control access in both Medisoft and Clinical, as well as audit each system to verify who accessed what and when. Always remember: minimum necessary access; if there is no reason for an individual to have access to certain files or data, then they should not have access to them, period.
- Plan for unexpected disasters. Sooner or later, unexpected disasters will occur. A disaster could be as simple as a power outage, or as complex as a hurricane, a flood, or a fire, and could happen at any moment. It is crucial to ensure that important health records and patient data are protected against loss from these events, which brings us back to developing and implementing a Disaster Recovery Plan, as discussed in our May article, “Business Continuity Planning: Operating Without Your Critical Systems.” In the event of a disaster, not only do you need to get your systems up and running again as soon as possible, but you also need to ensure that patient data remains safe and secure. This article will provide you with tips on creating a plan so you can be prepared.
Healthcare cyber security is a key issue that needs to be addressed for your practice to remain in business. If you have any questions or need help ensuring the security of your patient data, give us a call today or shoot us an email at Help@AccudataService.com.