In honor of National Cyber Security Awareness Month, MediSYS has put together ten simple tips that your practice can follow to help improve cybersecurity. Businesses in the healthcare industry are hackers' top target due to the value and sensitivity of the data they use day-to-day. Because of HIPAA breach penalties and laws, hackers are able to hold massive amounts of sensitive data for ransom, which the practice will have to pay to get its data back if it cannot figure out a way to remove the ransomware. This has been very lucrative for hackers: it is estimated that ransomware attacks cost businesses, in total, $8 billion in 2018. Don't be a victim; fight back against these hackers by preparing and taking every measure necessary to prevent a hack!
1. Make sure operating systems and programs are up to date. See our article: Is Windows 7 HIPAA Compliant?
2. Keep a log of which computers and users have access to what, and keep it up-to-date by deactivating users when their access is no longer needed or authorized.
3. Limit user permissions to the minimum necessary. Periodically reviewing user permissions to make sure they are not excessive is a good practice.
4. Protect your practice’s network with a firewall or a managed internet circuit.
5. Train your employees continuously on cybersecurity best practices. Phishing simulations, informative videos, and classes should be done at least once per year.
6. Use anti-virus software and internet website filtering. Anti-virus software is a given, but internet filtering also helps prevent employees or patients from going to, or being redirected to, a malicious site and compromising your network.
7. Use a separate network for guest Wi-Fi and practice internet. Separating the two puts a layer of protection between a patient or hacker on the public Wi-Fi and the protected information on the practice network, and makes it harder for them to load malware onto it.
8. Use encryption. Most computers have a built-in encryption tool (BitLocker on Windows 10 PCs). WinZip is an easy way to encrypt email attachments. Never send PHI or other sensitive documents in an email or over the internet unless they are encrypted.
9. Lock down your accounts with passphrases or other long passwords, change them regularly, and use 2-factor authentication when available. Passphrases are just combinations of easy-to-remember words that together form a long, hard-to-guess password. For example: Rabbit-Plato-300
10. Make sure that you have an up-to-date Security Risk Analysis and review HIPAA Policies at least once per year.
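Tips 2 and 3 describe an access review: an up-to-date inventory of who has access, stale accounts deactivated, and permissions trimmed to the minimum necessary. The script below is an added example (not part of the MediSYS article or any MediSYS product) that runs such a review over a constructed access inventory; the role names, permission names, user rows and review date are all assumptions made up for the example.

```python
from datetime import date, timedelta

# Minimum-necessary permission set per role (constructed for this example;
# a real practice derives these from its own job descriptions).
ROLE_BASELINE = {
    "front_desk": {"scheduling", "demographics"},
    "nurse": {"scheduling", "demographics", "clinical_notes"},
    "it_admin": {"user_admin", "backup"},
}

# Constructed access inventory: one row per user account (tip 2).
ACCESS_LOG = [
    {"user": "asmith", "role": "front_desk", "active": True,
     "last_login": date(2019, 10, 1),
     "permissions": {"scheduling", "demographics"}},
    {"user": "bjones", "role": "nurse", "active": True,
     "last_login": date(2019, 5, 2),  # no login for months
     "permissions": {"scheduling", "demographics", "clinical_notes"}},
    {"user": "cdoe", "role": "front_desk", "active": True,
     "last_login": date(2019, 9, 30),
     "permissions": {"scheduling", "demographics", "billing_export"}},
    {"user": "dlee", "role": "it_admin", "active": False,
     "last_login": date(2018, 1, 15),
     "permissions": {"user_admin", "backup"}},
]
REVIEW_DATE = date(2019, 10, 15)  # assumed day the review is run


def review_access(log, baseline, as_of, stale_days=90):
    """Return what an access review should act on.

    stale:     active accounts unused for more than stale_days (deactivate, tip 2)
    excessive: permissions beyond the role's minimum-necessary set (trim, tip 3)
    """
    cutoff = as_of - timedelta(days=stale_days)
    stale, excessive = [], {}
    for row in log:
        if not row["active"]:
            continue  # already deactivated, nothing to review
        if row["last_login"] < cutoff:
            stale.append(row["user"])
        extra = row["permissions"] - baseline.get(row["role"], set())
        if extra:  # an unknown role has no baseline, so every right is flagged
            excessive[row["user"]] = sorted(extra)
    return {"stale": stale, "excessive": excessive}


if __name__ == "__main__":
    print(review_access(ACCESS_LOG, ROLE_BASELINE, REVIEW_DATE))
```

With the constructed data, the review flags bjones for deactivation and cdoe for holding a permission the front-desk role does not need; tightening stale_days makes recently idle accounts show up as well.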