by Wyn Staheli, Director of Research
August 4th, 2017
An article by Medical Economics highlights the June report of the Health Care Industry Cybersecurity Task Force. The report confirmed once again that healthcare providers are not adequately addressing cybersecurity as part of their compliance programs. The threat of hackers is very real, and providers need to ensure that they have taken steps to mitigate the risks associated with a cyberattack.
The report gave 6 critical steps providers need to take:
- Ensure that operating systems and antivirus software are updated with available upgrades and patches.
- Establish policies against opening emails and attachments from unknown sources and continuously educate staff about those policies.
- Hire a cybersecurity firm to conduct penetration tests, a common practice in other industries, where security professionals test their clients’ computer systems and staff to find vulnerabilities that attackers could exploit.
- Consider implementing technologies that allow staff to open suspicious emails and attachments in a contained environment, segregated from other systems.
- Prohibit unauthorized access to patient data; enforce passcodes, automatic logoffs, access controls and mobile device policies to ensure only authorized personnel can access records.
- Review your data recovery and business continuity plans to ensure your practice can access backup files and, thus, continue operations in the event of a cyberattack, a fire in your server room, an Internet outage, etc.
Complete and Easy HIPAA Compliance has been updated for 2017 and includes forms, logs, and policy templates to help your practice be HIPAA compliant.