Data breaches are expensive, but protecting your practice doesn’t have to be. The heightened value of sensitive patient information makes the healthcare industry an attractive market for hackers. To discourage criminal behavior, and avoid claims of corporate negligence, healthcare providers must invest in strong network security.
The Stakes Couldn’t Be Higher
By law, any party handling Protected Health Information (PHI) is required to secure access to, and usage of, that data. The fees incurred from HIPAA violations will break the bank with costs up to $50,000 per violation. Bad press from civil suits will butcher professional reputations that take years to build.
In the worst cases, practices can be held criminally responsible for breaches. If monetary retribution and public disdain aren’t enough motivation to get you improving your security standards, imagine your new 6X8 foot home, furnished with steel black bars and a dangerous roommate.
Real-life Drama
With over 233 data breaches in 2017, affecting more than 3 million US patient records, it is no surprise that popular medical TV series’ “Grey’s Anatomy,” “The Night Shift,” and “Chicago Med” aired episodes featuring cyber attacks.
We often see hyperbole in televised portrayals of current events, especially with regards to medical shows. But for those who know the aneurysm-inducing consequences of HIPAA infringement, the drama is all too real.
“While the requirements of running a HIPAA-compliant environment may at first glance seem onerous,” said Jack Kustanowitz, senior technical advisor at Surgimate, “they amount to a body of sensible and important recommendations for protecting data for which you are legally responsible.”
The good news is that you can help safeguard your practice from the next national data debacle with the following simple and affordable tips.
Stay Up to Date
Software update messages can fire up even the most timid personality. They’re so annoying that the majority of users automatically hit the ‘Remind Me Later’ button and hope to never see the message again.
Truth is we should be kinder to software updates, both for our computer’s operating system and virus definition files. They smooth over bugs and enhance security. The more outdated your software is, the easier it is for hackers to crack. These updates are almost always free, keeping costs down while maximizing cybersecurity.
Prepare Your People
Don’t let employee negligence be the reason for a data breach. In the healthcare industry, employers don’t have a choice but to entrust employees with valuable data. Institute protocols for handling PHI and train employees to use best security practices.
Social hacking is an attempt to gain access by tricking a person with access instead of trying to bypass a technical block, and security training can make employees more wary of more subtle attempts by an outsider to gain access.
“You owe it to our patients to protect their personal information by preparing all staff with the proper protocols,” said Yehuda Elitzur, Chief Software Architect and Security Officer at Surgimate.
Encrypt Everything
Get into the habit of encrypting hard drives, and backing them up frequently. If your laptop full of PHI and classified information gets stolen, encryption will be your only saving grace.
Full hard-drive encryption is available for Mac with FileVault, and BitLocker for Windows, and turning it on may be as simple as checking a box.
Encrypt all documents containing patient information before sending them electronically. There are plenty of low-cost file-sharing applications that guarantee a high level of encryption when forwarding confidential data, OneHub and ShareFile.
Make Like Fort Knox
The more layers of protection, the hardest it is to breach the network. Ensure that all servers and workstations on your network are secured with antivirus and firewall protection.
Security software is not as expensive as it used to be, with annual costs per license as low as $30. Investing in a low-end video surveillance system for your servers is money well spent to protect your data and technology.
Ditch the Tricky P@$$w0rdz
Since the creation of your very first email address, you’ve been taught to use complicated passwords. But as computers and robots have become more sophisticated, our passwords need to be as well.
A passphrase, which is a random thread of at least 4 words, is easier to remember, and offers stronger protection than a hodgepodge like ‘gmailpassword100!!’. According to experts ‘Grumpy pizza kiosk unicorn’ is the way to go for supreme security. If you need to add a number or unique character, keep it simple.
As Kustanowitz points out, “In an environment that demands you build a moat, position sentries, man the turrets, and triple-lock the treasury, a surprising number of would-be fortresses neglect to even lock the front door.”
At Surgimate, we have made data security a priority. Multi-factor authentication is required to access any database containing patient information. All employees undergo HIPAA compliance training and are taught best practices for handling PHI.
Cyber attacks are not going away. Take the proper precautions so you can sleep better at night, in your own bed.