Monday, Apr 3, 2023
Cyber threats and the importance of data security
by DAN MORTENSON, OWNER OF HIRED GEEK, INC.
Cyber security threats in the healthcare industry are increasing; there were an estimated 11 million data breaches at healthcare facilities around the world during the pandemic. These targeted attacks have highlighted the need for the industry to look at cyber security at healthcare facilities from small to large and to increase protection for patients’ PHI (Protected Health Information) data. PHI is data that contains medical results and diagnoses along with patient medical records. Records that include social security numbers, phone numbers, email addresses, pictures, or other information are also considered patient identifiable information and may be subject to higher levels of security.
HIPAA (Health Insurance Portability and Accountability Act) has changed a lot since it was introduced in 1996 as an umbrella of regulations for the medical community. HIPAA has been updated several times in recent years to address cyber security within current internet platforms and to deal with widespread threats. Of particular concern, these policy changes have also increased fines and penalties for the exposure of patients’ PHI data because of lax or insufficient computer security. They do not excuse a “lack of knowledge” of cyber policies and can consider not having security as “willful neglect”.
Along with federal and state laws and policies changing, insurance carriers are increasing rates for cyber insurance while demanding closer adherence to these new standards to help businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The goal of all these changes is to make medical practices aware of the cyber-attack threats and make patient data protection a priority. HIPAA also requires yearly audits to verify that the network security is up to date and that its protection is keeping up with the ever-changing landscape.
As these policies and attacks evolve, so too does the strategy for protecting medical offices. To address the challenges for medical facilities, a layered security approach is needed. Our company includes cyber assessment tools, documentation, and user training to get a baseline of the current network layout and level of security. For data and network protection, we recommend implementing offsite encrypted backups, network protection for the internal office, and email scanning. Antivirus and malware scans are run at every level. These services include security professionals monitoring activity to identify areas of concern and, most importantly, to fix problems or respond to attacks quickly. Of note, Google Drive, SharePoint, and other cloud services can adhere to the standards for storing PHI data if configured to be secure. However, the default settings may not provide the security required.
A key point to compliance with HIPAA is a solid methodology and not just an end goal. Cyber security keeps evolving, so there is no certification or audit that will offer a seal of approval. Instead, we recommend the previously mentioned series of best practices to better prepare for and avoid cyber breaches or data losses. This way your patients can feel their data is protected with the proper cyber hygiene.
Dan Mortenson, owner of Hired Geek, Inc. (https://hiredgeek.com), has worked with the Harbor Dental Society for over 5 years and has been providing IT services since 2002, helping small to midsized businesses grow their internal IT infrastructure and evolve from server rooms to cloud services. His company is focused on cyber security, helping companies navigate the sophisticated threats and more stringent regulations by providing concierge network and security service while working with clients to address their most pressing needs.