9 Healthcare Cyber Security Tips to Help Protect Your Data
As a forward-thinking individual who wants the most for your medical practice, you already have recognized the importance of using cloud-based healthcare software. The cloud uses multiple redundant facilities to store data to keep it safe in the event of a catastrophic breakdown in any one server center. Its information technology staff is focused on keeping the data safe and secure as well, and is devoted to making sure your patients’ records are available 24/7/365, even when cyber attacks plague institutions that are connected to the Internet.
Anyone who has been paying just cursory attention to the news will undoubtedly be aware that healthcare organizations are becoming a huge target for criminal computer hackers. You also know about the potential negative effects that a data breach will have on a practice, including loss of time and money and eroding the trust patients have placed in your organization.
Hospitals, doctor offices, and clinics have been exposed to cyber security threats that can cause grave repercussions. A common method of attack is to install ransomware. Once a medical organization’s system has been compromised, often because an employee clicked a link in a sketchy email, all the patient files are held hostage until ransom is paid. Computer viruses can arrive via email, text messages, and websites that are set up just for the purpose of attacking naive and unsophisticated end users.
So while the IT department of your cloud services provider will be handling security on their end, you still have to contend with potential security issues in your own office and make sure that your staff knows what to do to protect patient information.
With that in mind, here are 9 tips that will help improve healthcare cyber security in your organization and reduce the chance of attacks.
1. Ensure Staff is Properly Trained on Healthcare Cyber Security Protocols
In most situations, the weakest cyber security link in your medical practice will be the user. Ensuring that your staff knows all proper measures to take (and enforcing these measures) makes the organization as a whole more secure.
You may need to bring in a consultant who can first address the knowledge level of your team and then provide some training to get everyone caught up on the latest security protocols.
2. Don’t Put Off Software Updates
You are busy, and you do not like the idea of taking your computer system offline to conduct basic software updates. However, neglecting to get the latest version of your now outdated software leaves your devices much more vulnerable to attack. Any security patches that come with the update will be unavailable to you.
Criminal hackers take advantage of people’s complacency and can sneak into antiquated systems more easily than systems that have the latest protection.
3. Control Access to Protected Patient Data
You’ve undoubtedly seen news accounts of patients whose private information was stolen by hackers. These sensitive details are protected by the Health Insurance Portability and Accountability Act (HIPAA). If you fail to keep this data secure, the results can be disastrous. Criminal hackers use confidential patient details to commit identity theft, take funds from bank accounts, and otherwise cause a great deal of havoc.
Have your security team carefully control access to patient records, only allowing authorized individuals to access the details. You can audit the system to verify who accessed what and when. It’s important to remove access from employees who have been terminated, to keep them from getting into the system and causing problems in their bid for revenge. Healthcare software like electronic health record applications makes information access much easier to control.
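The audit described above can be automated. The following is an added example, not code from the original article or from any vendor: it cross-checks an access log against a staff roster and flags record access by terminated employees or by accounts that are not on the roster. The CSV column names and all sample rows are constructed assumptions.

```python
import csv
import io
from datetime import datetime

# Constructed sample data (not from any real system); column names are assumed.
ROSTER_CSV = """user,role,terminated_on
asmith,nurse,
bjones,billing,2024-03-01
cdoe,physician,
"""

AUDIT_CSV = """timestamp,user,patient_id,action
2024-02-27T09:14:00,bjones,P-1001,view
2024-03-04T22:41:00,bjones,P-1002,export
2024-03-05T08:02:00,asmith,P-1001,view
2024-03-05T08:30:00,tempadmin,P-1003,view
2024-03-06T10:15:00,cdoe,P-1002,update
"""


def load_roster(text):
    """Map each known user to a termination datetime, or None if still active."""
    roster = {}
    for row in csv.DictReader(io.StringIO(text)):
        end = row["terminated_on"].strip()
        roster[row["user"]] = datetime.fromisoformat(end) if end else None
    return roster


def review_access(audit_text, roster):
    """Return (user, timestamp, patient_id, reason) for each suspicious event."""
    findings = []
    for row in csv.DictReader(io.StringIO(audit_text)):
        user = row["user"]
        when = datetime.fromisoformat(row["timestamp"])
        if user not in roster:
            reason = "account not on staff roster"
        elif roster[user] is not None and when >= roster[user]:
            reason = "access after termination date"
        else:
            continue  # known, active user: nothing to report
        findings.append((user, row["timestamp"], row["patient_id"], reason))
    return findings


if __name__ == "__main__":
    for finding in review_access(AUDIT_CSV, load_roster(ROSTER_CSV)):
        print(*finding, sep=" | ")
```

Any finding of the second kind means an account was not disabled when the employee left, which is the gap the paragraph above warns about.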
4. Don’t Use the Same Password for Everything
Using easily guessed passwords or the same password for all platforms significantly increases vulnerabilities. Human nature will motivate your employees to use just one simple password to access their information, but this is a big mistake.
It can be tempting to set up one password to check your email, access your bank and favorite online store, and see patient records, but putting convenience and ease of logging in ahead of patient security requirements has no place in a modern office’s computer systems.
All a criminal needs to do is discover one working password, and then apply it to all the other accounts that the victim uses. The convenience of one password leads to a catastrophic theft of data. Criminals can cause even more mischief if they get into the system and actually change information in patient files.
An easy solution is to force employees to generate new passwords on a periodic basis. That way, even if a criminal does manage to grab one particular login credential, access will be cut off as soon as you do the next update.
5. Store Passwords in a Secure Place
Instruct your team to never include passwords in a shared document or email. They should use a proven password storing system instead. Keep in mind that one common reason people have for skirting password security protocols has to do with their limited memory.
Instead of writing a password on a sticky note and hiding it in a desk drawer, it will be more effective if each user devises a password based on a phrase. For example, a member of your team could use a phrase such as “Every morning I check email while the coffee brews” and use the first letter of each word to make the password “emIcewtcb” with one uppercase letter. Including numbers and other characters helps make the password even more secure.
6. Perform Risk Assessments on a Regular Basis
Not knowing where your vulnerabilities are makes it much harder to protect yourself against attack. You won’t have a clear understanding of your organization’s security issues if you fail to conduct risk assessments on a regular basis.
Complacency is your enemy here. Your own IT team can perform the risk assessment, or you can work with more objective individuals by hiring an outside firm to take care of this task.
7. Maintain a Layered Defense System
Have layered security protocols in place, so even if an attacker breaks through one layer, they still won’t be able to access the protected data, and your practice might be able to identify the attack before it’s too late. Just as you have multiple locking doors to protect your property, building and equipment, you should have many layers of defense against electronic intrusions. That way, even if a weakness appears in one aspect of your defense system, there will be redundant coverage.
So, in addition to using strong passwords and forcing workers to change them periodically, you can use physical security in the form of locked doors, security guards, and surveillance equipment. Antivirus software, a robust firewall, and whitelisting of approved applications all contribute to the overall security of your institution.
8. Have a Plan to Prevent (and Recover From) Data Breaches
In the unfortunate event of an attack, your practice needs to know what the next steps are. Having a plan in place will help you move forward after an attack. For example, your IT team should regularly review your healthcare cyber security protection to ensure you are always following the latest protocols.
This also means avoiding the practice of automatically allowing software updates before checking out any possible repercussions. And when you do assess an update, it’s best to try it out on a quarantined test computer to ensure a patch or update won’t negatively affect all the computers in your system.
To be ready for the aftermath of a successful intrusion, key members of your team should develop a plan for getting the system back up and running, confident that the cloud-based backup of your data will be clean and safe to use.
9. Install Better Software
Stress the importance of using software from a company that prioritizes cyber security in their software. They will update the software swiftly whenever a new threat has been identified. The surrounding applications used in your office must also be shored up.
High up on your to-do list, according to a report from Healthcare IT News, is to invest in a next-generation firewall to protect all data and your systems, and deploy the latest in anti-malware detection. Robust encryption is called for, and you might need to outsource some of your security information management.
The fact that your healthcare organization has deployed a cloud-based solution for your medical software indicates that you already pay attention to emerging technology issues. Now it is time to take the necessary steps to shore up the sensitive information that you generate, store, and update for all of your patients.
- Healthcare cyber security is one of the key issues that you and your staff must take great pains to address in order to stay in business.
- News reports are filled with examples of criminal hackers that take over the computer systems of medical care providers, often locking information and demanding ransom to unlock the data.
- Because you maintain patient data in the cloud, it’s essential that your organization follow industry best practices for cyber security.
- Ongoing training of each of your staff members will help strengthen your cyber defenses.
- Work with a healthcare software provider that has a demonstrated ability and commitment to updating its application on a regular basis.
- Plan ahead about how your organization will react in the unfortunate event that your information does wind up getting breached.
As we previously mentioned, more and more, ransomware has emerged as a major threat to healthcare. Are you at risk for being hacked? Watch our 30-minute recorded webinar to learn everything you need to know to keep your practice safe from hackers.
About Stephen O'Connor
Stephen O'Connor is the Director of Brand and Digital Marketing, responsible for many aspects of Advanced Data Systems Corporation’s (ADS) marketing, including product marketing, customer acquisition, demand generation, brand, brand design, and content marketing.
Stephen has more than 20 years of healthcare industry experience. Prior to ADS, Stephen spent 11 years at Medical Resources Inc. (MRI), most recently as the Manager of Marketing & Internet Services, where he and his teams were responsible for all marketing efforts and the market positioning of MRI’s services.
Stephen spends his days planning, writing, and designing resources for the modern healthcare professional.