IT Support and Hardware for Clinics
News, Information and Updates on Hardware and IT Tools to help improve your Medical practice

9 Healthcare Cyber Security Tips to Help Protect Your Data


As a forward-thinking individual who wants the most for your medical practice, you have already recognized the importance of using cloud-based healthcare software. The cloud uses multiple redundant facilities to store data to keep it safe in the event of a catastrophic breakdown in any one server center. The cloud provider's information technology staff is focused on keeping the data safe and secure as well, and is devoted to making sure your patients’ records are available 24/7/365, even when cyber attacks plague institutions that are connected to the Internet.

Anyone who has been paying even cursory attention to the news will undoubtedly be aware that healthcare organizations are becoming a huge target for criminal computer hackers. You also know about the potential negative effects that a data breach will have on a practice, including loss of time and money and erosion of the trust patients have placed in your organization.

 

Hospitals, doctor offices, and clinics have been exposed to cyber security threats that can cause grave repercussions. A common method of attack is to install ransomware. Once a medical organization’s system has been compromised, often because an employee clicked a link in a sketchy email, all the patient files are held hostage until ransom is paid. Computer viruses can arrive via email, text messages, and websites that are set up just for the purpose of attacking naive and unsophisticated end users.

 

So while the IT department of your cloud services provider will be handling security on their end, you still have to contend with potential security issues in your own office and make sure that your staff knows what to do to protect patient information.

With that in mind, here are 9 tips that will help improve healthcare cyber security in your organization and reduce the chance of attacks.

1. Ensure Staff is Properly Trained on Healthcare Cyber Security Protocols

In most situations, the weakest cyber security link in your medical practice will be the user. Ensuring that your staff knows all proper measures to take (and enforcing these measures) makes the organization as a whole more secure.

You may need to bring in a consultant who can first address the knowledge level of your team and then provide some training to get everyone caught up on the latest security protocols.

2. Don’t Put Off Software Updates

You are busy, and you do not like the idea of taking your computer system offline to conduct basic software updates. However, neglecting to get the latest version of your now outdated software leaves your devices much more vulnerable to attack. Any security patches that come with the update will be unavailable to you.

Criminal hackers take advantage of people’s complacency and can sneak into antiquated systems more easily than systems that have the latest protection.

3. Control Access to Protected Patient Data

You’ve undoubtedly seen news accounts of patients whose private information was stolen by hackers. These sensitive details are protected by the Health Insurance Portability and Accountability Act (HIPAA). If you fail to keep this data secure, the results can be disastrous. Criminal hackers use confidential patient details to commit identity theft, take funds from bank accounts, and otherwise cause a great deal of havoc.

Have your security team carefully control access to patient records, only allowing authorized individuals to access the details. You can audit the system to verify who accessed what and when. It’s important to remove access from employees who have been terminated, to keep them from getting into the system and causing problems in their bid for revenge. Healthcare software like electronic health record applications make information access much easier to control.

4. Don’t Use the Same Password for Everything

Using easily guessed passwords or the same password for all platforms significantly increases vulnerabilities. Human nature will motivate your employees to use just one simple password to access their information, but this is a big mistake.

It can be tempting to set up one password to check your email, access your bank and favorite online store, and see patient records, but putting convenience and ease of logging in ahead of patient security requirements has no place in a modern office’s computer systems.

All a criminal needs to do is discover one working password, and then apply it to all the other accounts that the victim uses. The convenience of one password leads to a catastrophic theft of data. Criminals can cause even more mischief if they get into the system and actually change information in patient files.

An easy solution is to force employees to generate new passwords on a periodic basis. That way, even if a criminal does manage to grab one particular login credential, access will be cut off as soon as you do the next update.

5. Store Passwords in a Secure Place

Instruct your team to never include passwords in a shared document or email. They should use a proven password storing system instead. Keep in mind that one common reason people have for skirting password security protocols has to do with their limited memory.

Instead of writing a password on a sticky note and hiding it in a desk drawer, it will be more effective if each user devises a password based on a phrase. For example, a member of your team could use a phrase such as “Every morning I check email while the coffee brews” and use the first letter of each word to make the password “emIcewtcb” with one uppercase letter. Including numbers and other characters helps make the password even more secure.

6. Perform Risk Assessments on a Regular Basis

Not knowing where your vulnerabilities are makes it much harder to protect yourself against attack. You won’t have a clear understanding of your organization’s security issues if you fail to conduct risk assessments on a regular basis.

Complacency is your enemy here. Your own IT team can perform the risk assessment, or you can work with more objective individuals by hiring an outside firm to take care of this task. 

7. Maintain a Layered Defense System

Have layered security protocols in place, so even if an attacker breaks through one layer, they still won’t be able to access the protected data, and your practice might be able to identify the attack before it’s too late. Just as you have multiple locking doors to protect your property, building and equipment, you should have many layers of defense against electronic intrusions. That way, even if a weakness appears in one aspect of your defense system, there will be redundant coverage.

So, in addition to using strong passwords and forcing workers to change them periodically, you can use physical security in the form of locked doors, security guards, and surveillance equipment. Antivirus software, a robust firewall, and whitelisting of approved applications all contribute to the overall security of your institution.

8. Have a Plan to Prevent (and Recover From) Data Breaches

In the unfortunate event of an attack, your practice needs to know what the next steps are. Having a plan in place will help you move forward after an attack. For example, your IT team should regularly review your healthcare cyber security protection to ensure you are always following the latest protocols.

This also means avoiding the practice of automatically allowing software updates before checking out any possible repercussions. And when you do assess an update, it’s best to try it out on a quarantined test computer to ensure a patch or update won’t negatively affect all the computers in your system.

To be ready for the aftermath of a successful intrusion, key members of your team should develop a plan for getting the system back up and running, confident that the cloud-based backup of your data will be clean and safe to use.

9. Install Better Software

Stress the importance of using software from a company that prioritizes cyber security in their software. They will update the software swiftly whenever a new threat has been identified. The surrounding applications used in your office must also be shored up.

High up on your to-do list, according to a report from Healthcare IT News, is to invest in a next-generation firewall to protect all data and your systems, and deploy the latest in anti-malware detection. Robust encryption is called for, and you might need to outsource some of your security information management.

Key Takeaway:

The fact that your healthcare organization has deployed a cloud-based solution for your medical software indicates that you already pay attention to emerging technology issues. Now it is time to take the necessary steps to shore up the sensitive information that you generate, store, and update for all of your patients.

  • Healthcare cyber security is one of the key issues that you and your staff must take great pains to address in order to stay in business.
  • News reports are filled with examples of criminal hackers that take over the computer systems of medical care providers, often locking information and demanding ransom to unlock the data.
  • Because you maintain patient data in the cloud, it’s essential that your organization follow industry best practices for cyber security.
  • Ongoing training of each of your staff members will help strengthen your cyber defenses.
  • Work with a healthcare software provider that has a demonstrated ability and commitment to updating its application on a regular basis.
  • Plan ahead about how your organization will react in the unfortunate event that your information does wind up getting breached.
Technical Dr. Inc.'s insight:
Contact Details :

inquiry@technicaldr.com or 877-910-0004
www.technicaldr.com


Ransomware and electronic records access, healthcare's biggest threats


Of the varied threats facing healthcare provider organizations today, both external and internal, what rises to the top? Some cybersecurity experts have solid opinions on that.

When it comes to external threats, ransomware is the most urgent, said Mike Fumai, COO at AppGuard, a cybersecurity software company.

“The longer term and newer threat with ransomware is medical devices,” he said. “Already hackable, but no real economic model yet for adversaries to focus on. That can change quickly. For example, they can simply extend the ransomware model by denying medical device use until a ransom is paid. The complexity of the medical device supply chain, however, poses even more exotic ransom possibilities.”

 

If a provider organization cannot treat patients because it doesn’t have access to medical equipment, records, billing processes, scheduling or vital third-party services, the impact is immediate, pervasive, urgent and even life-threatening – far worse than HIPAA fines and other typical data breach consequences.

“Healthcare providers are not prepared for ransomware attacks,” Fumai said.

 

So what should healthcare providers do to better prepare? One tactic is to implement system backups and conduct realistic exercises to be sure they work.

“Continuously conduct realistic, simulated attacks on your employees and track them individually, and on your organization two to four times per year to seek and fix human weaknesses,” Fumai said. “Form at least one peer group within 30 days with signed letters of intent to learn how to better fight ransomware and to field-test and hype-test cyber products and services before deploying them.”

 

When it comes to internal threats, access to patient records rises to the top, said George Brostoff, co-founder and CEO of SensibleVision, a cybersecurity technology company.

“Twenty-seven hospital employees in New Jersey were suspended after they improperly looked at the files of actor George Clooney, who was being treated after a motorcycle accident,” Brostoff said. “All of them had access to the files from inside the system. External hacks get all the press, but the real security issues that affect hospitals every day come from inside the building.”

 

When very private information is leaked, it is very embarrassing and damaging to a healthcare organization’s image and destroys the trust it has built with its patients. The specific data in patient records allows the source of the leaked information to be tied to the organization at fault.

 

“Most important, these leaks violate federal HIPAA rules and other regulations, which can put accreditation at risk and also open up the risk of lawsuits,” Brostoff said.

To combat problems associated with internal access to patient records, the first step is getting rid of passwords to protect any data, Brostoff said.

 

“They just don’t work, and everyone acknowledges that – even the guy who came up with the ‘Change your password every month’ approach to security,” he said. “Following industry best practices such as secure authentication, encryption and proper access policies is the only way to protect data.”
