Managing Your Security as Cyber Attacks Intensify By Robert McDermott President & CEO, iCoreConnect It seems almost yearly now that a major cyber-attack on various parts of the healthcare industry serves as a wake-up call to all providers regarding their security and the importance of mitigating risks. In February of this year, a major healthcare technology provider was attacked, and its data was held for ransom by the cybercriminals. Once vulnerable, it suffered a second cyber-attack just a few months later, putting massive amounts of patient data at risk. Sadly, it also seems that even in the wake of a major security incident, we tend to nod back to sleep until the next attack kicks us back into security high gear. Unfortunately, the impact of these attacks can create ongoing waves of negative impact across critical components of digital healthcare delivery from billing, verification of insurance, and payments to ePrescribing. Organization Or Practice Size Doesn’t Matter You may think cyber criminals only attack the big organizations, but that’s not true. Attacks can happen on businesses of every size, crippling operations, exposing patient records, and draining bank accounts. You need to implement proactive measures to ensure continuity of patient care and better protect patient data and trust. Does Your Practice Understand Security Risks As with any attack mitigation efforts, understanding the key vulnerabilities and strategies to mitigate them is the first step. Here are three key areas to check first: 1. UNAUTHORIZED ACCESS Risk: Unauthorized users gaining access to sensitive patient information or modifying records. Mitigation: Implement measures such as multi-factor authentication and role-based access control to limit system access only to authorized personnel. Multi-factor authentication protocols include the use of text-message codes or access tokens keyed to individual users. 2. DATA BREACHES Risk: Patient data breaches can lead to compromised confidentiality and privacy, along with the risk of crippling fines and reputation loss. Mitigation: Encrypt data both at rest and in transit to prevent unauthorized access with, for example, fully HIPAA-compliant email. Configure “ransomware resistant” backup to enable a quick recovery in the event of an attack. Regularly update security protocols and conduct vulnerability assessments to identify and address potential weaknesses. Employ Business Associate Agreements (BAA) with third-party vendors and organizations to ensure their security measures are HIPAA compliant. 3. PHISHING ATTACKS Risk: Phishing attacks have grown increasingly more sophisticated over the past few years with more than 90% of cyber-attacks starting with a 38 | Sept 2024
RkJQdWJsaXNoZXIy Nzc3ODM=