What is Healthcare Cybersecurity Awareness?
Healthcare cybersecurity awareness is the action taken to protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction.
Being cyber aware means you understand what the threats are and you take the right steps to prevent them. It doesn’t matter whether you’re a healthcare provider with lots of electronic protected health information (PHI) with a small number of employees, it’s imperative that you protect that information. Your patients do not want their PHI falling into the hands of hackers or identity thieves nor want your employees (or co-workers) snooping into their personal and intimate details.
Even though cyber attacks from hackers and insider threats grab lots of headlines, research indicates that users can be their own worst enemies.
Because they fail to follow basic and often common sense safety principles. This might be due to lack of training, time pressures, or any of a range of reasons. Yet, following these practices can be just as important, here are some basic tips every practice should implement!
Training – Train your workforce regularly on important cyber security issues, such as how to spot phishing e-mails and when/whom to report possible cyber incidents in your business.
Multi-factor Authentication – A username and password may not be adequate to protect sensitive information, privileged accounts, or information accessed remotely. As part of its risk analysis, an entity should determine what authentication schemes to use when protecting its systems and sensitive information (e.g. e-PHI). Multi-factor authentication typically includes a password and additional security measures, such as a thumbprint or key card.
Updates and Patching –You should update and patch your systems and applications regularly, because updates and patches often fix critical security vulnerabilities. Don’t forget to patch each of your operating systems!
Mobile Devices – Be cautious when plugging in a phone, USB, or other portable device into a secure computer or network. Mobile storage devices may not be as secure and may contain malicious software that could corrupt your secure network. If the device is needed, be sure to follow your organization’s policies on the use of such devices, which could include prohibitions on the use of personal devices or having IT personnel review such devices to ensure they do not contain malicious software.
Do Not Wait – Report possible cybersecurity threats to the right people in your organization, your HIPAA Compliance Officer as soon as possible. Time is often critical during a cyber-incident, so if you suspect a cyber-threat, report it right away.
Covered Entities and Business Associates need to understand patients are entrusting them with their most private and intimate details, they expect it to remain secure.
Besides, it is YOUR practice, YOUR patient’s, YOUR reputation and YOUR legacy! Why are you leaving yourself wide open to such risks?
Don’t know where or how to start or update your HIPAA security compliance training? Let’s chat about your compliance program – schedule a call with HIPAA alli today!