Cyber criminals are becoming acutely aware that healthcare organizations are a treasure trove of juicy information: patient names, dates of birth, social security numbers, addresses, telephone numbers, credit card numbers, etc.
Healthcare organizations have all of the data in one location that a nefarious individual would want. However, healthcare providers are notoriously unaware of the significant impact their data security has on their information systems. In some cases, healthcare organizations have already been infiltrated without the anyone’s knowledge.
“A new study found that networks and Internet-connected devices in places such as hospitals, insurance companies and pharmaceutical companies unknowingly are under siege. In the report, the groups found from September 2012 to October 2013 that 375 healthcare organizations in the U.S. had been compromised, and in many cases are still compromised because they have not yet detected the attacks. In addition to getting access to patient files and information, the attackers managed to infiltrate devices such as radiology imaging software, conferencing systems, printers, firewalls, Web cameras and mail servers.” Article.
“What’s concerning to us is the sheer lack of basic blocking and tackling within these organizations.” “Firewalls were on default settings. They used very simple passwords for devices. In some cases, an organization used the same password for everything. A decent percentage of these firms could have been eliminated from the data set if basic network and security protocol had been followed.”
So what should you do:
1) Be Proactive: Review what patient information is being stored in electronic devices.
2) Perform a Risk Assessment: Compliance with the HITECH Act requires that you perform a “risk assessment” to determine what areas in your practice are at risk and what procedures are necessary to fix the problem areas.
3) Implement Security Measures: Implement security measures to protect your electronic protected health information and financial data.
If your organization needs assistance with protecting its data – we can help. For assistance CLICK HERE.
Get “News You Can Use” delivered directly to your e-mail inbox. Click here to Subscribe.