Protect Your Practice from an IT Security Breach

October 14, 2015

It’s a story ripped straight from the local and national headlines: a physician leaves his laptop in his car for a brief period of time only to have it stolen. As if a stolen laptop weren’t bad enough, that laptop had patients’ private health information (PHI) stored on its hard drive. Now, the doctor is required to report a data breach to the authorities and to every patient whose PHI may have been compromised.

The financial costs and reputational implications associated with a data breach can be substantial and may also constitute a significant HIPAA violation. However, healthcare practitioners and business persons alike can put a few protective measures into place to help avoid the most common Information Technology (IT) security lapses.

October is Cyber Security Awareness Month. In light of this month-long observation, LAMMICO offers the following recommendations to strengthen cybersecurity in your practice or facility:

Encrypt to Protect

Encryption is the process of encoding messages or information in such a way that only authorized parties can read it. Encrypted devices, patient files and emails ensure that only credentialed persons can view patient PHI. In the event that a laptop or mobile device is lost or stolen from a medical office or individual healthcare provider, encryption keeps the information on that device from being accessible to unauthorized users, provided the device is powered off or locked and the key or passphrase is not stored with it. Encryption software such as Symantec, Folder Lock, and BitLocker is available to purchase and download to meet your encryption needs.

Secure Your Network Connection

The wireless production network of any practice or facility should be secure. This means that only employees of the practice using an authorized, encrypted device can have access to the secure network to conduct business. Offering a separate, password-protected "courtesy" network is a solution for guests or employees who would like to check personal email, social media and browse the Internet in their free time or while waiting to be seen by a physician; keeping that traffic off the production network limits what a compromised personal device can reach. An IT consultant can help set up secure and courtesy wireless networks within your practice. Regularly change the network password so that former staff and guests who once knew it no longer have access, ensuring that the right people gain the right kind of access. Consider establishing a monthly reminder for your office manager to update the network password settings and redistribute credentials to authorized staff on a consistent basis.

Combat Cyber Threats with Up-to-Date Anti-Virus/Malware Software

New viruses and malware are created by hostile coders every day, so constantly being aware of suspicious content is essential. Don't neglect your IT security software updates, even when installing them costs additional fees. Keeping your scanners up to date will help protect your practice from invasive viruses, worms, trojan horses, ransomware, spyware, adware, scareware, and other malicious code that can destroy your credibility as a steward of patient privacy, or cost millions in ransoms. Symantec, Norton, and McAfee all provide endpoint encryption solutions to protect your valuable resources and data.

Decrease User Error

Unintentional downloads of images from "friends" or engagement with malware via email phishing scams are commonplace both inside and outside of the healthcare industry. Innocent click-throughs to hyperlinks that appear to be from credible sources can compromise the security of your IT infrastructure. Developing policies and procedures for cybersecurity, and holding security awareness training sessions to explain those policies and procedures to employees, is critical to impressing the importance of cybersecurity in healthcare. Implementing practical protocols, such as hovering over hyperlinks to confirm that the displayed link text and the actual destination domain match, or pausing to review the domain of the email sender to validate the reliability of the source, can optimize user safety online. Inform your staff that it's OK, and encouraged, to ask the apparent sender about the intent of an email to determine whether or not they purposefully distributed that content.

LAMMICO routinely assesses our own internal security policies and procedures in our ongoing efforts to defend and protect our insureds. As a part of this initiative, LAMMICO employees undergo a series of IT security training sessions covering a variety of topics, such as how to avoid phishing scams, the importance of limiting personal use of the Internet, and reinforcing the IT security measures included within our existing remote access policies.

Built-In Security for LAMMICO Policyholders

In an environment where digital access is the lifeblood of modern business, the stark reality is that cyber liabilities have never been more threatening. That's why LAMMICO protects our insureds from cyber attacks. LAMMICO includes a primary layer of Medefense™ Plus/Cyber Liability insurance in most policies. In fact, our cyber liability coverage has been enhanced with BrandGuard™ benefits for lost revenue directly resulting from adverse media reporting.

If you are interested in higher limits (above the base layer $10,000 limit for physicians, $50,000 for facilities, and $100,000 for qualifying acute-care hospitals) to further protect your practice or facility from an IT security breach, contact Carly Thames at 225.906.2062 or to discuss your options. 

LAMMICO does not endorse products or services mentioned in the above article. These products and services are presented as resources available in the cybersecurity marketplace.
