Hackers don’t limit themselves to attacking personal computers and financial companies; they breach healthcare systems and facilities, too. Unfortunately, they are motivated to obtain credit card information, Social Security numbers, banking information, and birthdates. In their 2018 Cost of a Data Breach Report, IBM and the Ponemon Institute found that healthcare data breaches cost an average of $408 per record, the highest of any industry and nearly three times higher than the cross-industry average of $148 per record!
As a healthcare leader, you have both moral and financial obligations to help protect patient information. Ponemon stated that “we see positive signs of cost savings through the use of newer technologies as well as proper planning for incident response, which can significantly reduce these costs.” Below, we’ve compiled five simple but effective recommendations for hospitals to consider when ensuring their technical defenses are sound.
How reliable is your facility’s security framework? Consider enlisting an IT team to set up firewalls and antivirus software for email and employee inboxes; this could help prevent issues before they arise. In addition to daily software updates and device repair, this team can also perform vulnerability scans to identify potential threats and create a plan to thwart them.
Strong passwords are important. Make sure they are not duplicates of the ones you use for personal accounts. Also, discourage staff from logging into social media sites or Gmail accounts from their work computers.
Password best practices include omitting personal or easily identifiable information (e.g., your birthday, Social Security number, name, family names, or pet names). Passwords should never be written down and accessible to someone else. Ideally, change them every two to three months and utilize eight characters or more with a combination of letters, numbers, and symbols. Finally, if you or your IT team notices any potential threats or suspicious activity, change your passwords.
As a healthcare leader, you must protect both practice and patient data. A lot of patient data is considered “protected health information” under HIPAA, and there are high fines and negative moral implications for violating HIPAA. The more employees who have access to secure data, the higher the risk that it becomes compromised. Review the users in your system and ensure that all account access is necessary. Since physicians require greater access and information than a receptionist, your user accounts should reflect that difference in privilege.
If you can, encrypt everything. Mobile devices storing patient health information assume the most risk. If your practice cannot encrypt email, consider password-protecting all documents containing patient information and be sure to use spam and malware filters to help block phishing.
All laptops and smartphones on which you may access patient information should have firewall software. Install and update virus-protection software on all devices with access to patient information, then password-protect these devices. If possible, ask your IT team to implement two-factor authentication, which provides an additional step when entering a password. This level of protection provides an extra layer of security, which is important not only to your patients, but to your practice.
Train the team
Your IT team can implement technology to help improve security, but employees must follow through with best practices. Consider offering a cybersecurity awareness program to help identify potential threats, teach common risks of day-to-day access, and empower your staff to avoid them. This education should touch all departments and positions in the practice.
Risky behaviors include sharing passwords, leaving devices unattended or password-protected files unlocked, and using an everyday flash drive to transfer confidential information. Although these are common practices, they leave your facility at risk. However, when you create a culture of secure information, employees adopt the same priority, allowing your practice to save money and help patients feel confident in your partnership with their healthcare.