What Should You Do To Secure Your ePHI?
Healthcare was a lucrative target for hackers in 2018. Cybercriminals are getting more creative despite better awareness among healthcare organizations. And fines for breaches of patient information are increasing. What more can you do to ensure your patient data is secure?
If You Don’t Secure Your Data–Prepare For Ever-Increasing Fines
According to Health IT Security, in February 2019 Tennessee-based Community Health Systems (CHS) settled with the 4.5 million patients impacted by its 2014 data breach. Those patients who experienced identity theft or fraud due to the cyber attack will receive up to $5,000 each.
The lawsuit counsel also requested approval to award attorney’s fees for the case (about $900,000), as well as an incentive award of $3,500 for each patient they represented.
This is just one example of a healthcare breach and its effects. In 2018, 15 million patient records were breached as hacking and phishing surged, triple the number from 2017.
Don’t Let This Happen To Your Healthcare Business–What Should You Do To Secure Your ePHI? — Ask your IT provider to implement a Layered, Managed & Proactive Approach To IT Security.
This layered approach is the industry’s definitive method for preventing healthcare data breaches.
You need these 4 layers:
1. For your Computers: You need Anti-Virus, Anti-Malware and Zero-Day Protection that’s managed by your IT Managed Service Provider, so you know new updates are being applied daily.
- Managed Anti-Virus & Anti-Malware: This keeps both known and emerging viruses and malware off your workstations and servers. Because it’s managed, it stays up-to-date with the latest cyber threats. It also protects against new viruses by using behavioral scanning and heuristic checks. These detect new, unrecognized viruses and malware and send them to a sandboxed environment away from your core systems. This is essential with all the new virus and malware threats being created each day.
- Zero-Day Protection: This provides end-to-end cybersecurity protection for your computers, networks, endpoints, mobile devices, and cloud-based services in the window when an unknown security vulnerability in software or an application is being exploited and no patch has yet been released to handle it.
2. On Your Network: You need a Next Generation Firewall. This detects and blocks complicated cyber attacks by enforcing security measures at the protocol, port and application level.
Next-Generation Firewalls can be implemented in either software or hardware. The difference between a standard firewall and a next-generation firewall is that the next-gen performs a more in-depth inspection and in smarter ways. It brings added information to the firewall’s decision-making process. It also has the ability to understand the details of web traffic passing through, and can take action to block anything that might exploit your network’s vulnerabilities.
3. Email: You need SPAM filtering with link and document scanning. This is a service designed to block SPAM from your users’ inboxes. It sets up an email gateway that stops the bad guys before they reach your inbox while making sure the good guys (you) aren’t bogged down trying to manage it. Many email messages today are SPAM. SPAM filtering is critical for keeping phishing emails off your computers. However, even the best filters can’t block 100 percent of SPAM messages. This is another reason why you need #4 below.
4. User Education: Different sized organizations cope with dissimilar problems, but all have employees who are usually the weakest link in their IT security. Modern phishing and social engineering attacks are a major threat to medical businesses today. Even a single unaware employee is enough for a cybercriminal to trick through email to gain access to your ePHI, data, finances and more.
Security Awareness Training tackles this problem head-on. You need ongoing education that trains your employees in cybersecurity measures and protocols via a comprehensive curriculum that includes simulated hacking and phishing attempts. This helps your employees know what to look for when using your IT systems.
To ensure cybersecurity, your staff should know…
- How to identify and address suspicious emails, phishing attempts, social engineering tactics, and more.
- How to use your practice management technology without exposing data and other assets to external threats by accident.
- How to respond when they suspect that an attack is occurring or has occurred.
- Additional vital information to maintain cybersecurity.
In addition …
Ask your IT provider to implement these 4 solutions to minimize your risk:
- Data encryption so your ePHI and EHRs are secure both in transit and storage.
- Multi-factor authentication where your users must use two or more forms of electronic identification to access data.
- Routine patching and updating of your software programs to close any security gaps.
- Mobile Device Management to protect your data if mobile devices are lost or stolen.
With this and a layered, managed and proactive approach to IT security, you should have a fighting chance against today’s cyberattacks.