When you hear the term ‘healthcare cybersecurity,’ you probably think of data and computers and all of the hackers and malware that are trying to corrupt networks across the globe.
However, Healthcare Cybersecurity is as much about your employees as it is about the technology. A large number of breaches are due to the mishandling of information by employees who are simply not paying attention.
Take a look at the top Healthcare IT Security vulnerabilities that often go unnoticed by employees.
Mobile Devices: Laptops, Tablets and Cell Phones
If you carry your laptop back and forth to work, are you careful to store it where no one else has access to it? Are your kids doing homework on it? Is it encrypted?
If you’re enjoying a latte at your favorite coffee shop and you’re using a mobile device to log in to the server at work, you might be putting the entire network at risk. At the very least, you might be exposing the data you are accessing, since you are on an unprotected network. This might be fine if you’re simply browsing social media on a personal phone, but if you’re dealing with confidential medical records on a company device, this can put the entire network at risk.
At a minimum, any mobile device used to access your network should have an access code (PIN) and should be encrypted.
Positive Work Habits that support IT Security
- Desktop Security – Do you leave your desk unattended? If your screen doesn’t time out quickly, it’s up to you to lock your keyboard if you have access to patient records.
- Paper Files – Has your business achieved a paperless office? If not, take care that printouts are shredded if they contain sensitive patient information. Healthcare IT Security also concerns any printouts and paper files.
- Office Guests – Be cautioned against unscrupulous outsiders who might try to manipulate you in order to extract sensitive information. We tend to think of bad guys as presenting themselves in a malevolent way, but oftentimes they can be quite charming. They are skilled at taking advantage of people—some of whom tend to trust everybody.
Internal Healthcare Cybersecurity
Healthcare IT Security is not only about finding the best cyber security solution externally; it’s also about understanding what your staff can do day to day to protect your company. Here’s what your employees can do to protect against cybersecurity breaches.
- Discarding Old Hardware – How does your organization discard old computers and printers? It’s the organization’s responsibility to know at all times where your data lives.
- Password Setup – Your organization should provide guidance on how to develop passwords that are difficult to figure out. Better yet, let the IT department assign passwords to employees. That way they will be cryptic enough—and can be changed on a regular schedule.
- Portable Workstations – In inpatient settings, workstations are often portable. They can roll from room to room, making occasional stops behind the nurses’ station. Who has access to these portable workstations when they’re unattended? Could other patients gain access? Could anyone who happens to walk by gain access?
- File Permissions – Employees should only be granted the minimum amount of access to sensitive information they need to get their jobs done.
- Employee Education – Believe it or not, employees need to be told not to click on links when they come from sources that are unclear. And messages pleading for money, social security numbers, or sensitive information should never be opened. You might think this is common sense, but if it were, data thieves would stop sending them.
Healthcare IT security controls must take into account the human factor. This is particularly critical in a healthcare environment, where HIPAA/HITECH regulations mandate strict rules on how to protect your data. With 4.4 million records exposed in Q3 of 2018 alone, Healthcare IT Security strategies must go beyond the network to account for your people and how they handle sensitive information.