Fortifying Healthcare Cyber Security

Posted by John Dimaggio on May 18, 2016 3:44:36 PM

In Cyber Security

The number of healthcare breach incidents that evade traditional security defenses is increasing at an alarming rate. Motivated by lucrative pay-offs for stolen health information, attackers are becoming steadily more proficient at identifying and exploiting security vulnerabilities in healthcare IT. So how can you best fortify your organization's security controls to defend against these threats?

  • Cultivate workforce security awareness. Your employees are often your first line of defense. Monitor and communicate industry security trends and vulnerabilities, keep alert to current and emerging threats, and provide periodic security updates and reminders to your workforce. Educate employees on the mechanics of spam, phishing and malware. Test awareness by running your own internal phishing simulations that attempt to solicit credentials or other information from employees, and follow each simulation with targeted training rather than blame.
  • Develop a password management game plan. Passwords are one of the primary breach points, and depending on the level of access a compromised account holds, can be "the way in". Train users to create long, unique passwords (a passphrase works well), screen new passwords against lists of common and breached passwords, and stress the importance of safeguarding password data, which on the server side means storing only salted, deliberately slow hashes and never plaintext. This post recommends requiring password changes every 90 days; note that later guidance (NIST SP 800-63B, 2017) advises against forced periodic changes unless there is evidence of compromise, so if you keep a fixed interval, pair it with breached-password screening and multi-factor authentication. In other words, arm your organization against the widely available password cracking tools that can allow an attacker to quickly infiltrate your systems.
  • Install malware detection software, ensure antivirus software is in place, and keep both up to date. Using application control or similar security policies to block known payloads from launching helps prevent infection before signature-based tools can catch up.
  • Encrypt your EPHI (electronic protected health information). Encrypting data in transit and at rest prevents sensitive information from being compromised, and is critical in light of the high incidence of lost or stolen disks, tapes, laptops, USB storage devices and smartphones. Under the HIPAA Breach Notification Rule, PHI encrypted in line with HHS guidance is not "unsecured PHI", so the loss of a properly encrypted device may not be a reportable breach, whereas the loss of an unencrypted one almost certainly is. Keep in mind that encryption at rest protects lost media, not data read by an attacker who logs in with stolen credentials: attackers often use mobile devices as "the way in", and if one mobile device is compromised, the EHRs on the server could be at risk.
  • Conduct regular vulnerability scanning and penetration testing. Penetration testing identifies and exploits vulnerabilities in order to gauge the likelihood of real-world threats against an organization's IT assets and physical security. A good test simulates the practices and methods of external or internal actors attempting unauthorized data access. Remediate the findings promptly, prioritizing by risk, and retest to confirm each fix.
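
As an added example (not code from the original post or from BlueOrange Compliance), the following Python shows the server-side half of a password game plan: screening a candidate password against a length floor, a denylist of common or breached passwords and the username, then storing it with a salted, deliberately slow hash (scrypt from the standard library) so that a stolen password database resists the cracking tools mentioned above. The 12-character minimum, the scrypt parameters and the denylist entries are assumptions chosen for illustration; the denylist is constructed here and stands in for a real breached-password corpus.

```python
"""Password intake checks plus slow, salted hashing.

Added example, not from the original post. Assumed policy values:
12-character minimum, scrypt n=2**14 r=8 p=1, and a small constructed
denylist in place of a real breached-password list.
"""
import hashlib
import hmac
import os
import unicodedata

MIN_LENGTH = 12  # assumed policy value

# Constructed denylist standing in for a breached/common-password corpus.
# A real deployment would load a full list (e.g. the Have I Been Pwned set).
DENYLIST = {
    "password", "password1", "welcome1", "letmein", "qwerty123456",
    "hospital2016", "summer2016!",
}

SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1  # assumed work factor (16 MiB)
SALT_BYTES = 16
KEY_BYTES = 32


def normalize(password: str) -> str:
    """NFKC-normalize so visually identical inputs hash identically."""
    return unicodedata.normalize("NFKC", password)


def check_policy(password: str, username: str = "") -> list:
    """Return a list of policy failures; an empty list means acceptable."""
    pw = normalize(password)
    lowered = pw.lower()
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if lowered in DENYLIST:
        problems.append("appears in the breached/common password list")
    if username and username.lower() in lowered:
        problems.append("contains the username")
    if len(set(lowered)) < 4:  # rejects "aaaaaaaaaaaa"-style inputs
        problems.append("too few distinct characters")
    return problems


def hash_password(password: str) -> str:
    """scrypt-hash with a fresh random salt; store the returned record."""
    salt = os.urandom(SALT_BYTES)
    digest = hashlib.scrypt(normalize(password).encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_BYTES)
    # Self-describing record so parameters can be raised later without
    # breaking verification of older entries.
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored parameters and compare in constant time."""
    try:
        scheme, n, r, p, salt_hex, digest_hex = stored.split("$")
        if scheme != "scrypt":
            return False
        digest = hashlib.scrypt(normalize(password).encode("utf-8"),
                                salt=bytes.fromhex(salt_hex), n=int(n),
                                r=int(r), p=int(p), dklen=len(digest_hex) // 2)
    except (ValueError, TypeError):
        return False  # malformed record: never accept
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ["Summer2016!", "correct horse battery staple",
                      "jsmith-clinic-2016"]:
        print(candidate, "->", check_policy(candidate, username="jsmith") or "ok")
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record),
          verify_password("correct horse battery stapl", record))
```

The record format carries its own parameters, so the work factor can be raised as hardware improves while existing hashes stay verifiable; the constant-time comparison avoids leaking how many digest bytes matched.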

A security breach can cost healthcare providers millions of dollars, not to mention negative publicity and reputational damage that can be difficult to recover from. Breaches can also trigger investigations by the HHS Office for Civil Rights (OCR). And speaking of OCR, don't forget that the OCR 2016 audit initiative is currently underway. Given the broad scope of potential audit topics and OCR's stringent audit objectives, indications point to substantial failure rates.

To learn more about the 2016 OCR audits, download our OCR Audit eBook.


BlueOrange Compliance has been providing privacy and security assessments, remediation, training and guidance since the inception of HITECH.  Our team is comprised of former healthcare IT executives and top security, privacy and technology analysts.  Our national client base consists of hospitals, physician provider practices, Nursing Facilities, LTC Pharmacies, LPCs, CCRCs, homecare, hospice and business associates.  If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at blueorangecompliance.com.