Protecting Patient Data in the Age of Cybercrimes
Updated: Oct 7, 2020
With cybercrime on the rise, home health and hospice agencies are no less vulnerable to a cyberattack than any other healthcare organization. Criminals are eager to obtain sensitive data that identifies patients’ insurance and health information. Since agencies are now embracing the need to use technology, they are also recognizing the need to invest in active methods to protect themselves from a potential data breach.
Healthcare information is widely sought after by cybercriminals and is worth a large amount of money if sold. Agencies are rife with sensitive data, as staff frequently use devices such as laptops, tablets and cell phones to access patient information. Patient data in electronic medical records (EHRs) contains social security numbers, insurance information, dates of birth and other identifiers that criminals use to commit identity theft. Stolen data accounts for a substantial number of costly incidents for organizations and their patients.
Assess your risk
Health care officials must conduct regular baseline risk assessments to identify cybersecurity problems. This process identifies weak areas in the system and serves as the first step in fighting cyberattacks. The assessment requires administrators to check for multiple login attempts, noticeable increases in traffic to the server, and abuse of disk space. Network segmentation, enforced with firewalls, can also be used: it limits access to certain networks within an organization and helps prevent hacking attempts. Through a proper risk assessment, organizations can determine who has access to particular material and areas of a network.
Encrypt your data
Data will remain secure if it’s encrypted even if you lose a device. According to the HIPAA Omnibus Rule, section 164.304, “Encryption means the use of an algorithmic process to transform data into a form in which there is a low probability of assigning meaning without use of a confidential process or key.” The encryption of hard drives, servers, laptops, mobile devices and various other electronic media should be a top priority.
Fight “phishy” emails
Phishing is the practice of sending fraudulent emails in order to steal personal information from individuals. Many people open emails without verifying the address. Unverified emails may contain malicious attachments that could lead to a widespread breach and exposure of protected information. Strategies to fight phishing include filtering and tagging of emails, which allows users to identify external emails that could cause harm.
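The tagging strategy described above can be sketched as follows. This is an added example, not code from the original article; the internal domain, the `X-Sender-Warning` header name and the sample messages are assumptions made for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the agency's own mail domain(s); hypothetical value.
INTERNAL_DOMAINS = {"agency.example"}
TAG = "[EXTERNAL]"

# Constructed sample messages (not real mail).
SAMPLES = {
    "internal": "From: Nurse Lee <nlee@agency.example>\nSubject: Shift schedule\n\nbody\n",
    "external": "From: Billing <billing@vendor.test>\nSubject: Invoice\n\nbody\n",
    "spoofed": 'From: "IT Support agency.example" <helpdesk@agency-example.test>\n'
               "Subject: Password reset\n\nbody\n",
}


def sender_parts(msg):
    """Return (display name, domain) of the From header, both lower-cased."""
    name, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2] if "@" in addr else ""
    return name.lower(), domain.lower()


def is_external(msg):
    """A missing or unparsable sender counts as external (fail closed)."""
    return sender_parts(msg)[1] not in INTERNAL_DOMAINS


def display_name_mismatch(msg):
    """External address whose display name mentions an internal domain."""
    name, _ = sender_parts(msg)
    return is_external(msg) and any(d in name for d in INTERNAL_DOMAINS)


def tag_message(raw):
    """Prefix the subject of external mail with TAG and flag look-alike senders."""
    msg = message_from_string(raw, policy=policy.default)
    if is_external(msg):
        subject = str(msg.get("Subject", ""))
        if not subject.startswith(TAG):
            del msg["Subject"]  # policy.default allows only one Subject header
            msg["Subject"] = f"{TAG} {subject}".strip()
        if display_name_mismatch(msg):
            # Hypothetical header name a mail client rule could key on.
            msg["X-Sender-Warning"] = "display name does not match sender domain"
    return msg
```

The domain match is exact, so subdomains of an internal domain are tagged as external unless they are added to `INTERNAL_DOMAINS`.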
Keeping up to date with software
Keep up to date with software updates and developments. These are easy to perform and require minimal computer expertise.
Back up your data
A backup solution ensures your data is protected against loss, hardware failure or database corruption. Storing copies on local media, on removable media and at an offsite location is typically recommended.
Agencies store valuable personal information, and proactive measures to combat potential threats will continue to be a dominant issue for organizations. There are challenges involved when any organization creates a plan to address the protection of patient data. These challenges can be solved with time and concentrated effort.
Contact us to learn how Muse is protecting patients and their data privacy at firstname.lastname@example.org.