5 Effective Ways to Protect Your Medical Practice from Data Breaches

Back up patient and mission-critical data

First things first, we must always have a plan for ransomware. With 24% of incidents involving ransomware, we need to have a way to protect ourselves. Before we can effectively protect ourselves against this common threat, we need to understand what ransomware is.

Patch and upgrade all medical equipment that is network connected, if you can

Most medical and biomedical equipment is vendor-managed, but patch whatever you can. Medical equipment is seen as the Achilles' heel of healthcare, and cybercriminals know it! The next evolution in ransomware will definitely target more Internet of Things (IoT) devices such as these, which are easy marks for a criminal looking to get a foothold in your network. Strong Wi-Fi encryption and passwords can help protect them as a first step, and even the FDA and DHS are strategizing a framework to protect new equipment introduced into the marketplace.

Separate company Wi-Fi and guest Wi-Fi and rotate passwords routinely

Now let’s refocus on the insider profile. How often do you change your Wi-Fi password? As a practice, it should be changed routinely and always after an employee leaves the team. Another solid practice is to change access credentials if a device is lost or stolen. 28 data breaches occurred in healthcare in 2018 due to lost or stolen assets, and having a lost laptop with stored Wi-Fi credentials on it is an easy way for someone to gain access to your network infrastructure.

Protect PHI, lock unattended computers and disable USB support

In the medical industry, patient confidentiality is paramount. Preserving patient privacy is part of the Hippocratic Oath, and in the modern age, this also means securing Protected Health Information (PHI). There are many ways to protect PHI, from simply locking your computer when you leave it unattended to restricting conversations to the back room out of earshot. These are routinely done by most medical professionals, but there are some additional ways we can explore to protect data.

Ongoing employee education and security awareness training

Employee education and training is our best defense against data breaches. With it being reported that upwards of 95% of security incidents are rooted in human error, providing ongoing and comprehensive security training for our people is extremely important. Security training is a low-cost solution that can produce effective results. Properly identifying phishing emails and providing employees with best practices for security are just some of the benefits of a good training program. The notion that security is a function of the I.T. Department is a common misconception. Every employee should be recognized as a deputized member of I.T.

Written by

MailMyStatements is a technology-driven statement, payment, and collection vendor that specializes in simplifying the client billing process. #patientstatements
