Protect Your Practice Against Healthcare Cybersecurity Threats
Cybersecurity threats are as commonplace as EHR systems in 2019. In our previous blog, we discussed the current state of affairs in healthcare cybersecurity, as well as the most common threats and attacks used to gain unauthorized access to protected health information (PHI). It is not enough to know about the threats that exist; to be successful and maintain the highest levels of data security to comply with HIPAA and HITECH initiatives, your practice must focus on attack prevention and response.
True cybersecurity is a holistic endeavour that will take assessment, planning and time to properly execute. As there are multiple methods used by cybercriminals, there are a wide variety of defense options to deploy in your practice. Some of these will be technology based, and others will include staff education and cultural behaviors. To ensure the best outcome when implementing these security measures, consider employing an Information Technology (IT) professional or cybersecurity consultant, and do not forget to team up with your third-party providers to ensure that everyone is on the same page.
Basic Steps to Keep Information Secure
There are a few basics that can be quickly and easily addressed before diving into more complex solutions. Many practices use Google Chrome, Internet Explorer or the like to store their logins and passwords. Credentials stored this way can be easily downloaded by a hacker or even staff members themselves. Make it a practice-wide policy not to store passwords online. It is also important to make use of strong passwords, multi-step logins or other forms of authentication when possible, and to physically control access to devices or information when not.
The use of public Wi-Fi networks or any insecure network is bad practice regardless of the EHR type. Be sure to use hardline connections whenever possible in your practice. If you must use a wireless connection, be sure that the network is both secure and encrypted with proper firewalls and protections in place. Any data transmission should always be encrypted, and network access should be restricted to only necessary staff members.
In that vein, make sure that you have invested in appropriate anti-malware software, encryption and firewalls, and be sure that all software is up to date on any patches or upgrades. New viruses and malware are created every day and vendors make regular updates to their software, so be sure that you stay updated on all practice devices. Update your operating systems and back up your data regularly to ensure nothing is lost.
All devices should be running the same software and configurations. Come up with a maintenance and management plan that includes regular audits to ensure in-house compliance with cybersecurity procedures. Be sure to never just accept default configurations during installation and updates – you should understand your choices and personalize all options to fit with your security plan with the help of an IT professional.
The Importance of Training and Education
The most important defense for your practice is training and education for your staff members. Cybersecurity is only as strong as the people operating the systems. So-called “social hacking” is one of the easiest ways for cybercriminals to gain access to PHI or a computer system, generally via phishing attempts. Make sure that all staff are aware of what these attacks may look like and know what to do if they receive a suspicious email. Also make sure that everyone on your team knows the protocols for how to react if they suspect their device has a virus or has fallen victim to any other cyberattack.
Although you hope to never have to recover from a cyberattack, it is important to have a plan in place. Make sure you know how to report the attack to the proper authorities, and how to secure and restore all data. It is a good idea to work with an IT professional and write down a standard operating procedure.
Securing your data is a broad and complex challenge that faces all healthcare practices, particularly in an age of mobile devices and EHR adoption. Your best protection is to mitigate risk with a multi-faceted cybersecurity protection plan. Work with your staff and current service providers to craft a strong cybersecurity strategy and even consider hiring an IT provider to assist. If you need assistance or want to learn more about how you can improve, reach out to our team at WRS Health.
Download the Cybersecurity: Is Your Practice at Risk guide for other ways to keep your data secure.