Unfortunately, medical practices cannot be fully guaranteed for protection against cyberthreats by even the most cutting-edge computer software.
Medical practices and healthcare clinics and hospitals are notoriously known for having poor data security and cybersecurity measures, despite the sheer volume of sensitive patient information that flows through their system. However, specific plans and actions can be implemented that significantly contribute to preventing cyberattacks from compromising sensitive medical data and patient information. In fact, many of these anti-cyberthreat actions are required by HIPAA’s risk assessment policy that focuses on the following:
- Completing extensive background checks on office personnel who regularly access confidential data.
- Consistently maintaining a vigilant attitude towards the status of access logs, monitoring of computer audit trails and implementation of tools meant to prevent compromise of data.
- Providing educational items to employees concerning cyberthreats, especially how to help prevent them, what to do if one occurs and definitions of terms associated with cybersafety, such as encryption, firewalls and malware.
Creating Strong Passwords
Most people do not realize how easy it is for an experienced hacker to crack poorly made passwords. According to Microsoft Technet, strong passwords are comprised of at least seven characters, does not contain names, is not a dictionary word and is alphanumerical. Medical practices should consistently use strong passwords to protect highly responsive data.
Cyber Insurance for Medical Practices
To mitigate the consequences of a destructive cyberthreat, medical practices may opt for cyber-insurance that covers costs related to loss of data as well as any possible litigation expenditures. However, attorneys specializing in this type of insurance strongly urge physicians to read the “fine print” included in these policies to determine whether exclusions apply involving criminal penalties, government investigations and regulatory fines.
Encryption is Key to HIPAA Compliance
In addition to backing up data and performing regular virus checks HIPAA’s Guide to Privacy and Security of Health Information requires medical practices employ encryption tools that convert document or file information into unreadable formats prior to being submitted. Only authorized individuals are able to decrypt the document once it reaches its destination. Medical practices must implement encryption tools within associated partner networks and the main service provider to meet requirements of the HITECH Act.
Staying Proactive
Medical practices neglecting to safeguard against cyberattacks not only face HIPAA non-compliance penalties but may also be held in non-compliance with Payment Card Industry Data Security Standards designed to protect payment card (debit and credit) information from cyberattack and identity theft situations.
A Handful of Security Strategies to Consider
The University of Illinois Chicago lays out a few strategies in order to combat the $5.6 billion dollars worth of health care breaches that happen every years. These data security breaches continue to affect over 27 million patient records. We’ve spoken about it before in articles touching on IT threats. Here are some more:
- Invest in a firewall
- Limit network access
- Back up data regularly
- Install anti-virus software
- Establish a strong security culture
