It’s impossible to guarantee your data will be safe, but there are best practices you can follow to reduce your chance of a hack or breach
Cyber criminals target healthcare organizations-even small practices-because their data contain patient names, birthdates, addresses, social security numbers, credit card numbers, and health insurance information. Whether the hackers use the information themselves or sell it to others on the black market, that’s all that’s needed to steal identities and commit fraud. That’s why healthcare data is more valuable even than credit card records.It’s impossible to guarantee your data will be safe, but there are best practices you can follow to reduce your chance of a hack or breach. Here are 8 ways to protect your practice’s data:
Review current practices and policies Protecting data is the responsibility of the practice, not the EHR provider or software designer. Identifying vulnerabilities before a hacker does is the goal. Some cyber insurance providers will conduct a safety audit for an additional fee
Protect all devices Encrypt and password-protect mobile devices, including laptops, tablets, and smartphones. Set policies on who has access to the devices and who can remove them from the office.
Install and update anti-virus software Keep software and operating systems up to date and patched.
Segregate wi-fi networks Create separate wi-fi networks for your practice and your patients, using different passwords for each. Unauthorized access is one of leading cause of security incidents every year.
Change passwords regularly Enforce a workplace policy requiring strong passwords with a mixture of letters, numbers, and symbols.
Limit levels of access to data Employees should have access only to the information they need to do their jobs.
Train employees All staff should be taught to protect data and how to identify disguised attacks, such as phishing emails, which are disguised as legitimate communications, but can install malware if opened.
Back up all data regularly Backups should be kept off site and off network.
