What challenges exist in the healthcare industry? Healthcare was the most breached industry from January 2018 to September 1, 2018. Among the over 217 reaches reported, there were over 6,477,872 patient records affected. The main cause? Successful hacking of email via phishing campaigns for ePHI and unauthorized access of the network. Paper loss was not far behind.
Many were not even aware that they had been compromised. What about your practice? What about your IT vendor or any business associate? Business Associates also played a role in the breaches.
How are you doing with training your employees? What safeguards do you have in place to prevent or detect a breach? What challenges exist to securing patient information?
- VoIP – Top providers will sign a BAA (business associate agreement), from select risks under contract.
- Fax – Encrypted eFaxing with a signed BAA.
- Office 365 and Google Suite – Can be purchased and configured for compliancy. Both can come with a BAA.
- IT Support – Understands health IT and assists in implementing secure solutions and sign a BAA.
- DDoS Mitigation – Will help IT team manage a DDoS attack, ensuring they are not too distracted to monitor for hackers trying to sneak in a steal sensitive data. Will sign a BAA.
- Business Continuity/Backup – Encrypted solution for data at rest and in transist. Top providers will sign a BAA.
Advancements in mobility have increased risks of outsiders obtaining devices or insiders sending out sensitive information in an insure manner.
- Remote Wiping of Mobile Device – This managed security capability allows a business to remotely delete sensitive data from a device.
- Secure Texting – Encrypted transmission of information and documentation with the ease of texting and available on computers
- VoIP client using office number can be used to keep mobile nurses from providing personal phone numbers.
- Company applications can be securely provided to employees
- Secure VPN office access
Management of Office or Different Location(s)
Many healthcare organizations lack the necessary IT resources to effectively manage the location(s).
- Managed Service – Server and workstation maintenance and patching, medical equipment, office equipment (printers, faxes, etc) and line of business applications are managed by an IT provider.
- Managed Networks – Firewalls and related service, wireless access points, switches managed by an IT provider
- Managed Endpoint Security – Central management of all endpoints to equip with necessary safeguards (antivirus, breach detection, blacklisting) for the business
- Managed DNS – Cloud based web content filtering and internet threat protection to block inappropriate content or prevent malware on any network.
- Managed Security and Compliance Training – Security Awareness and Compliance Training to help you manage the IT security problems of social engineering, spear phishing and ransomware attacks.