Every day Covered Entities and Business Associates face unique challenges from cybersecurity, interoperability, and patient safety. Cyber attacks and breaches are becoming the norm in every business and healthcare is #2target AFTER financial institutions.
All of these have in common, the need to:
Keep Protected Health Information Secure at ALL Times!!
What is Healthcare Cyber Hygiene?
As defined in Cyber Hygiene: A Baseline Set of Practices by Carnegie Mellon University:
Cybersecurity hygiene is a set of practices for managing the most common and pervasive cybersecurity risks faced by organizations today. Much like personal hygiene, cyber hygiene practices are intended to secure patient’s protected health information (PHI) the same way hand-washing protects them from infection.
Healthcare Cyber Hygiene Practices
Here is a baseline set of healthcare cyber hygiene practices:
- Identify and prioritize key organizational services, products and their supporting assets. Don’t forget to include mobile and Internet of Things (IoT) devices.
- Identify, prioritize, and respond to risks to your organization’s key services and products, including third party vendors.
- Establish an incident response plan.
- Conduct cybersecurity education and awareness activities.
- Establish network security and monitoring.
- Control access based on least privilege and maintain the user access accounts.
- Manage technology changes and use standardized secure configurations.
- Implement controls to protect and recover data (i.e., create back up and contingency plans).
- Prevent and monitor malware and ransomware exposures.
- Manage cyber risks associated with suppliers and external dependencies.
- Perform cyber threat and vulnerability monitoring and remediation.
Covered Entities and Business Associates need to understand your patients are entrusting YOU with their most private and intimate details, they expect it to remain secure.
Besides, it is YOUR practice, YOUR patients, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
Don’t know where or how to start or update your HIPAA security compliance training? Let’s chat – schedule a call with HIPAA alli today!