No workplace is entirely immune to the threat of a security or data breach. The healthcare industry is particularly vulnerable and has become one of the most heavily targeted industries for cybercriminals. Medical records contain the most sensitive personal information, including Social Security numbers, health records, and contact information. As many as 90% of healthcare providers have experienced a breach in the last two years. Over half of these breaches are deemed to be criminal in nature, according to a study from the Ponemon Institute, an independent privacy and security research firm (from Bloomberg, 05/07/2015).
Each member of a healthcare organization’s workforce has a responsibility to protect the privacy and security of all patient information. Implement the necessary safeguards by conducting a cybersecurity risk assessment within your organization.
Cybersecurity best practices:
• Conduct an initial audit to determine potential exposures for your organization as well as to establish an action plan for identifying and implementing proper controls.
• Establish written policies detailing your organization’s cybersecurity safeguards, including topics such as password protocols, guidelines for internet use, customer data control, and penalties for policy violations.
• Keep hardware and software up to date to decrease risk from the latest malware or other security threats.
• Secure your internet connection, including implementing a firewall and ensuring that Wi-Fi signals are secure and encrypted.
• Manage employee access to the internet or customer data by creating separate, password-protected user IDs for all employees and only granting employees access to systems needed to perform their job.
• Keep systems used for payments separate from other potentially less secure systems.
• Work with banks to make sure that the payment systems and services in place are trusted and secure.
• Make regular backups of vital data, including internal documents and customer information.
• Store data backups offsite, either at a remote location or in the cloud.
• Implement physical security measures, such as keeping network equipment, servers, and other hardware in locked or restricted-access areas.
• Secure mobile devices by requiring password protection and installing trusted security and anti-fraud systems.
• Require employees to change their passwords at regular intervals, and consider implementing multi-factor authentication systems.
Succeed Management Solutions, LLC offers toolbox talk resources on related topics, with titles such as Cybersecurity for Small Businesses, Cyber Security Planning Guide, and Ten Cybersecurity Tips for Small Businesses, provided by the Federal Communications Commission. For healthcare organizations, Succeed has released a new HIPAA training series on the Privacy, Security, and Breach and Noncompliance components of the HIPAA law, including an awareness-level course for the workforce.