Do you want your healthcare company to be like Jersey City Medical Center, which lost the private data, including social security numbers, of many of its patients? It happened because someone lost a CD with all this data on it. And the data was unencrypted, so cyber thieves didn’t need any skill to get away with it!
The incident launched an investigation, which found that since 2008, various hospitals in New Jersey lost data for more than a million patients. In the report, an IT professional makes this comment on the lost CD: “I work in the IT industry, and we’d never send an external hard drive with that kind of data unencrypted. I would get fired on the spot.”
When it comes to data protection, how do you protect your organization from these simple mishaps and others? Here are some tips:
1. Establish a Policy & Train Your Employees Regularly:
By far, the cause of most security breaches is employee mistakes. That could be misplacing sensitive storage hardware, clicking on advertisements or e-mail links they shouldn’t, or perhaps stealing the data themselves. Your employees need regular training – at least annually. And you need to make sure all the best practices they’re taught get followed on a daily basis thereafter.
2. Spend More Time Protecting Your Network Internally:
Most healthcare organizations spend a lot of time and money on antivirus and anti-malware software and firewalls. That’s good, but often it gets too much attention. Sometimes cyber criminals will get through despite your best efforts. As a result, you should spend more time on internal protection techniques such as segregating your networks. Segregation helps limit the damage that can be caused when successful attacks do happen.
3. Encrypt All Data on Portable Storage Media and Devices:
This is the one that burned the Jersey City Medical Center. First, you must have a policy that establishes this as a standard. Once in place, you must follow through with consequences for violating the policy.
4. Watch Out for Wireless Vulnerabilities:
Wi-Fi makes life convenient for users of portable devices, but it makes data security and protection more challenging. Some healthcare organizations have wireless routers that use the WEP security standard. It’s better to have something rather than nothing, but WEP is 12 years old! A thief could sit in their parking lot, hack their way in, and go on their way without much difficulty.
That’s far from the end! There’s much more to cyber security than that. But those are some tips that take care of some of the major vulnerabilities. Implement them yourself or find an IT support team to do the work for you. You’ll save yourself thousands of dollars in fines, bad public relations, and lost revenues when you do.