Cyber security is vital for businesses in every sector today. However, it’s particularly important for those in the healthcare sector.
There are several reasons why businesses in this arena can’t afford to put off cyber security measures and why tomorrow may be too late to do what you should have already done today.
When you think of ‘cyber security’, many of us automatically think of the business’s IT department, slaving away in hoodies in front of their laptops, processing code, putting up firewalls and scanning for viruses.
Information security is one of the few spots in the business where you can be involved in almost every part of the business.
To protect your practice from cyber security threats, it’s time to start thinking like a hacker. What sensitive, confidential or HIPAA data do you collect, store or transfer that could be compromised? And how vulnerable is that data to attack?
The majority of breaches in the U.S. affect small‐to medium‐size businesses:
• Lack of resources/funding for sophisticated IT security
• Lack of IT expertise
• 67% do not use web‐based security
• 61% do not use antivirus on all computers
• 60% of small businesses will go out of business within a year of having a major breach.
How to Assess the Cyber security Risk of Your Small Business
Creating a security risk profile can help you determine how vulnerable your business is to cyber attacks.
1. Assess your Risk
• HIPAA – Personal Health Information
• PCI-DSS – Credit Card Data
• PII – Personally Identifiable Information
• Health Insurance Information
• Proprietary Business Information
Don’t assume if data is offsite (Cloud), that it is any more secure
2. Secure Your Network
Managed Firewall Appliance
• Monthly or Annual Subscription
• Updates on a regular basis
• Detects anomalies
• Different from standard firewall
• Most Insurance Co.’s requiring these devices 5% VGM discount
Use 3rd party review of log files for added protection
3. Perform Vulnerability Scans
3rd Party Penetration Test (ethical hack
• Annual at minimum, quarterly ideal
• Reports low, medium, high
• Balance automated software vs. human
4. Software Patches/Updates
• Microsoft Patch Tuesday (Windows, Servers, Office, etc.)
• Upgrade software to latest version (Enterprise Management)
• Determine 3rd party software or use white list protocol
• Upgrade to Windows 10
99.9% of the exploited vulnerabilities (hacks) were compromised more than a year after being identified
5. Encrypt Mobile Devices
Minimal current hack threat, however likely the greatest risk
• Business Information on Mobile Devices (Email)
• Access to Network
• Access to Billing Software
• Stored Passwords
• Lost on a Regular Basis
Phones, Tablets, Laptops, Surfaces, I Pad Air Watch, Mobile Iron, MaaS360, Bit Locker
6. Protect Your Website
Typical Hacks to a Website
• Defacing – changing of content
• Phishing Pages – Fake PayPal, credit card, etc.
• Patient Information Stolen
• Credit Card #s
• Open Source Code (Joomla, Drupal, etc.)
• Low Cost mass produced sites are HIGH RISK
A hacked website tells referral sources and patients that you are not trustworthy
7. Purchase Cyber Liability
Currently Inexpensive Compared to Risk
• Insurance companies already requiring policies for referrals
• Use in RFP’s as a differentiation
• Creates best practices
Insurance companies often offer free advice
Why the Health Care Industry?
The health care industry has become one of the top targets for hackers.
• Health care data is rich with information hackers can make money on:
• Patient names
• Addresses
• Social Security Numbers
• Date of birth
• Insurance/Medicare ID
• Cell phone numbers
• Credit card/checking account numbers
• EACH of these data points is valuable on the cyber black market – together, they are a gold mine!
To Conclude
Cyber security is an ongoing battle, not a task to be checked off and forgotten about. New malware and attack methods consistently put your system and data at risk. To truly keep yourself cyber safe, you have to continuously monitor your systems, conduct internal audits, and review, test, and evaluate contingency plans
As you can see, there are many elements to consider when it comes to your practice’s daily cyber security status, and it’s not just your IT department’s responsibility to protect you.
For more information on how to handle a data breach get in contact with us at support@wonderws.com also check cloud date secure to minimise the risk of threat to your business.