The health care industry has become an easy target for greedy hackers, resentful employees, and ruthless competitors, leaving an aftermath of protected health information (PHI) breaches, litigations, damages to reputation, and thousands of dollars in penalties. These leaks in sensitive data are both humiliating and expensive to all involved. Guarding PHI with strong cybersecurity system and protocols therefore must be top priority for healthcare organizations.
A large number of health care organizations have undergone data theft and have faced fines from the Federal Government of over $1,000,000. Adding to the shame, there is a dedicated web page WallofShame.com – maintained by the government, which lists all of these breaches.
1. Keep good computer practices:
New computers with integrated software packages are supplied with a mind baffling array of options with little instruction on how to use them in order to keep the system secure. In all of this mumbo-jumbo, it can sometimes be problematic to recognise options to permit to turn off. Here are some thumb rules to keep in mind:
- Delete any software application that is not important for the operation of the practice (e.g., games, instant message clients, photo-sharing tools). If the operation of a software application is indistinct, look at the software company’s web site to understand what the application’s purposes and uses are. Additionally, check with your developer to see if the software is critical to the EHR’s function.
- Do not merely agree with defaults or “standard” configs when installing software. Go through each option, try to understand the choices your making, and obtain technical assistance wherever necessary.
- Ascertain whether the EHR supplier maintains an open connection to the installed software (a “back door”) in order to provide updates and support. If so, ensure a secure connection at the firewall and request that this access be disabled when not in use.
2. Use a Firewall
A firewall can be a software product or a hardware device. In both cases, its job is to scrutinise all messages coming into the system from the outside (either from the Internet or from a local network) and taker a call, according to a pre-configured criteria, whether or not a message should be allowed in.
Big hospitals that use a Local Area Network (LAN) should get a hardware firewall. A hardware firewall sits between the LAN and the Internet, this provides centralized management of firewall settings. This set-up increases the security of the LAN, and ensures that the firewall settings are consistent for all users. If a hardware firewall is fixed, it ought to be configured, supervised, and maintained by a specialist in this subject.
3. Install and Regularly Update Anti-Virus Software
Cyber attackers compromise computers by using viruses and related code that exploits vulnerabilities on the system. These vulnerabilities are global because of the nature of the computing space. Computers that have all of the latest security updates on its operating system and applications may still be in danger because of earlier hidden faults. Additionally, computers can be attacked by outwardly inconspicuous external sources such as CDs, email, USB drives, and internet downloads. It is therefore necessary to use a product that offers constantly updated protection. Anti-virus software is available widely, reliable, and is free or costs relatively very little.
Not having an anti-virus software, may cause data to be stolen, destroyed, or vandalised, and attackers could take over the control of the machine. Some characteristic symptoms of an infected computer include:
- Computer will not start normally
- Computer repeatedly crashes without any obvious reason
- Browser unseeingly goes to unknown web pages
- Anti-virus software does not appear to be working
- Unwanted advertisements appear on the screen
- The user cannot control the mouse/pointer
For more on best practices for protecting your organizations protected health information (PHI) join Stanley Nachimson in this Live Webinar “Cyber Attacks and Cyber Risk Management: Protecting PHI” on Wednesday, September 21, 2016. During this session Stanley will provide the key federal and State requirements to protect information, steps providers must take to meet regulations, best practices for protecting information, and where and how to get further information and guidance.
