The U.S. healthcare industry is at risk for significant data breaches. Our business is highly targeted for its rich and sensitive data. Because of the use of electronic medical records (EMR) and ehealth systems, patient data is more mobile and accessible. These technologies create new security vulnerabilities. More providers are entrusting sensitive data to third parties, bringing others into the mix. Iron Comet Consulting can assist in delivering solutions to healthcare organizations, and we know that even in light of increased regulations, there is a difference between privacy and security.
An alarming fact is that despite the use of risk assessments in physician offices, hospitals and clinics, the number of data breaches has continued to rise steadily over the past five years. Human error is cited as the most prevalent threat. The wide use of mobile devices in the workplace is another leading factor in healthcare data security breaches. When surveyed, however, providers said that the majority of breaches were by an employee. A lack of staff attention to policy was cited as a main factor for putting data at risk.
Here are some suggestions to help you stay aware of potential threats.
1. Real Time Antivirus is not active
The real time antivirus scanner is disabled. Many users disable their malware protector when it slows their PC.
2. Schedule a Virus Scan
When you schedule a virus scan, many of the top-rated removal programs consume much of the energy of your PC. We recommend scheduling a “daily” virus scan at night, every night. Once a week might do the trick.
3. Inferior Anti-malware programs:
Just because your cable provider recommends McAfee or Norton does not mean it’s the best software to use.
4. Mass Email lists: Facebook, MySpace etc…
These lists are a prime target for hackers. This is their sweet spot. Avoid lists if you possibly can.
5. Bad Email with Bad links
Everything from Nigerian money scams to “Check this out” messages arrives daily in emails. Be very careful what you open in your browser.
6. Web Search
Hacked web sites for anything from Costco to hotels in Las Vegas are the norm. These high-impact search terms are littered with hacked web sites. Hackers are clever and will target and infect these sites with bad code. Your browser will end up on a fake web page in the end.
7. Keep doing risk assessments
Have a roadmap for fixing your security issues. Whatever the findings, follow up and correct the problems promptly.
8. Fill Gaps in data security
It’s easier to deal with gaps beforehand rather than after a breach.
9. Make data security part of your office culture
Write a complete guide with the help of experts to train and educate your employees about data privacy and security.
10. Display policies and procedures
Mobile device technology is evolving so quickly that it’s difficult to keep pace. Use encryption, security-enabled software, and device management to fulfill security needs.
Your goal should be to protect your company, assets, patients and employees. Because the landscape is changing rapidly, we advise you to talk to professionals who understand the inner workings of risk assessment.