Protecting Medical Information
Medical facilities are a favored target of cyber criminals because patient medical records offer a potentially lucrative resource to hackers. Medicare info, diagnosis codes, Social Security numbers, and shared electronic medical records (EMR) provide opportunities for fraud. With regulations such as HIPAA, the healthcare industry has legal as well as moral and sound business reasons to safeguard patient data. Here are three tips that can go a long way toward protecting your healthcare network.
1. Strong Cyber Resiliency Plan
What we learn from the victims of past cybercrimes is that it’s vital for healthcare security to develop a resiliency plan that includes incident response and recovery as well as proactive protection methods. Even police departments have been victimized by ransomware, which takes over vulnerable systems and demands payment for releasing the victims’ own data back to them.
No one can predict where hackers will strike or guarantee protection, but the best and simplest defense is to perform regular data backups so that crucial data such as electronic medical records (EMR) can be easily restored from copies. In an era when cyber attacks are increasing every day, implementing a comprehensive backup plan is essential.
2. Hardware Security Plan
Better education in healthcare security awareness and better device management policies will help prevent many forms of data breach. One notorious incident in North Carolina involved the theft of a laptop that held information on numerous patients of the Blue Ridge Surgery Center, including patient names, addresses, and insurance information. The one unpardonable aspect of this data breach: the password was with the laptop at the time of the theft.
Blue Ridge was left with no recourse except to notify hundreds of patients by email and direct mail of the security lapse and potential data leaks, as well as open a call center to answer questions and handle the volume of negative feedback.
Rather than find themselves in such a damaging position, organizations need to educate all personnel on the importance of basic security measures: choosing strong passwords, keeping passwords secure, and changing passwords frequently. Hardware such as laptops and mobile devices should not be left in visible locations, even in a locked vehicle, as they present an easy smash-and-grab opportunity to resourceful thieves.
Cyber security awareness and training should be an ongoing policy at every healthcare facility.
3. Better Accountability
Without sound healthcare security measures, data vulnerability is going to get worse. A growing number of online resources and mobile devices are increasing exposure as healthcare data such as electronic medical records (EMR) are shared among facilities. Phishing emails, spyware, viruses, and other threats can originate from anywhere on a constantly expanding network. Hackers are growing more sophisticated with malware that can lie dormant to escape anti-virus programs before morphing into multiple attacks. The issue of accountability arises when it comes to risk assessment and identifying weak security points.
To better protect healthcare information, it’s important to establish a coordinated effort between organizations to improve and maintain healthcare security standards, beginning with better monitoring of data networks to more quickly identify, isolate, and issue alerts on potential problems.
CTG has been providing IT network solutions since 1982. We’ve grown with the healthcare industry and our expert engineers stay current with all cybersecurity threats and trends. If you’re concerned about data loss or breaches in your healthcare facility, don’t hesitate to call us for recommendations on system redesign or upgrades to afford maximum protection of patient records.