How to Avoid Cyber Attacks

Healthcare-record hacking skyrocketed by 11,000% last year. In fact, one in three Americans has had their records compromised, but very few realize it.

What happens to those records? According to NBCNews.com, “One site offers fresh healthcare profiles stolen last year in California boasting, ‘You can use those profiles for normal fraud stuff or to get a brand new healthcare plan for yourself.’”

  • VALUE OF RECORDS: The same goes for records in practices like yours. They’re very valuable on the open market…where credit cards go for up to $3 apiece, social security numbers for $15, and complete healthcare records for $60.
  • WHY HEALTHCARE: The Identity Theft Resource Center reports that almost half the security breaches it tracked last year were in healthcare. Why? According to the FBI, healthcare “is not as resilient to cyber intrusions compared to the financial and retail sectors. Therefore, the possibility of increased cyber intrusions is likely.”

 

WHAT PATIENTS ARE HEARING

You’ll likely be getting more pushback from patients themselves about your security, especially with companies like IBM suggesting patients should not give out even the last four digits of their social security numbers to doctors’ offices. They’re also being told (and this is good advice for your personal records as well) to ask their healthcare institutions about the practice’s security policies and what is being done with the information they provide.

 

TIPS TO HELP YOUR PRACTICE

Here are ten tips from The Federal Trade Commission to help practices like yours prevent data security breaches.

  1. Factor security into every department, and don’t collect personal information you don’t absolutely need.
  2. Control access to data sensibly. Put controls in place to make sure employees have access only on a “need to know” basis.
  3. Require secure passwords and authentication. You may want to consider two-factor authentication as an added protection.
  4. Store sensitive information securely and protect it during transmission.
  5. Segment your network and monitor who’s trying to get in and out.
  6. Secure remote access to your network.
  7. Apply sound security practices when developing new products or programs. To find out more about common vulnerabilities, go to: www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  8. Make sure your service providers implement reasonable security measures. Insist that appropriate security is part of your contracts.
  9. Put procedures in place to keep your security current, and always address vulnerabilities that may arise as soon as you become aware of them.
  10. Secure paper, physical media, and devices. That includes keeping safety standards in place when data is en route as well as disposing of sensitive data securely.

 

What have you done in your practice to make sure patient information and your own financial records are secure? Tell us the steps you’ve taken, and join the conversation on our Facebook page here.

 

For more info on keeping your own business as well as patients’ healthcare information secure, go to: https://www.ftc.gov/tips-advice/business-center/guidance/start-security-guide-business

Erinn Morgan
