We’ve all heard the stories of data breaches at big corporations, as those tend to make the headlines. However, small businesses are still very much a target for hackers. In Symantec’s Internet Security Threat Report, data shows that 43% of cyber attacks were aimed at small businesses. Small to mid-size organizations are less likely to have robust cyber security protocols in place, and unfortunately criminals are aware of this tendency and are using it to their advantage.
When it comes to medical and health care providers, cyber security is not something to be ignored. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires personally identifiable information (PII) and other data to be kept both private and secure. Therefore, HIPAA cyber security compliance requirements must be met in order to protect confidential and private patient records. Here at HIG, our priority is to help health care providers and medical offices understand cyber security risks and how to overcome them.
In addition to having Cyber Liability and Data Breach coverage, there are also preventative measures your business can take to better protect patient information.
HIG’s Five Simple Tips to Keep Medical Office Data Secure:
1. Use Strong Passwords
Passwords are the first line of defense in preventing access to any computer or operating system. Not only should you be using different passwords for different accounts, but you should also change passwords regularly to keep your system and information secure. A strong password should be at least eight characters and include upper and lowercase letters, numerals and special characters. Medical practices and health care providers should also implement multi-factor authentication when possible, which requires users to verify their identities on another device. For example, when logging on to an office computer, first the user would input their password, then a second authentication would need to be provided. In some instances, this may be a PIN sent to a previously verified device such as the user’s cell phone. This PIN would then be entered on the computer to confirm the user’s identity and would successfully log the user on.
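The PIN step described above only adds protection if the PIN is unpredictable, short-lived, single-use and limited to a few guesses. The sketch below is an added example, not code from HIG or any product; the PIN length, five-minute lifetime and three-attempt limit are assumed values.

```python
import hmac
import secrets
import time

PIN_DIGITS = 6          # assumed PIN length
PIN_TTL_SECONDS = 300   # assumed validity window (5 minutes)
MAX_ATTEMPTS = 3        # assumed number of guesses allowed


class PinChallenge:
    """One pending second-factor challenge for a single login attempt."""

    def __init__(self, now=None):
        # secrets (not random) draws from the OS CSPRNG, so the PIN
        # cannot be predicted from earlier PINs.
        self.pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"
        start = time.time() if now is None else now
        self.expires_at = start + PIN_TTL_SECONDS
        self.attempts_left = MAX_ATTEMPTS
        self.used = False

    def verify(self, submitted, now=None):
        """Return 'ok', 'wrong', 'expired' or 'locked'.

        'locked' covers both an already-used PIN and too many wrong tries.
        """
        now = time.time() if now is None else now
        if self.used or self.attempts_left <= 0:
            return "locked"
        if now > self.expires_at:
            return "expired"
        self.attempts_left -= 1
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(submitted.encode(), self.pin.encode()):
            self.used = True
            return "ok"
        return "locked" if self.attempts_left == 0 else "wrong"


if __name__ == "__main__":
    challenge = PinChallenge()
    # In a real system the PIN goes to the verified device, never the screen.
    print(challenge.verify(challenge.pin))   # first use succeeds
    print(challenge.verify(challenge.pin))   # replaying the same PIN fails
```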
2. Install a Security System
Installing anti-virus software isn’t enough; make sure your computer systems are using the most up-to-date web browsers and have the latest cyber security software installed. Firewall security should also be enabled to prevent outsiders from accessing data on a private network. For directions on how to enable firewall security on your operating system, you can visit the American Medical Association for their guide on improving digital health.
3. Control Access to Information
Does everyone in your practice need the same access to patient information? Establishing role-based access control grants or denies access to network resources based on job functions. For example, in medical practices and health care offices where personal health information is handled and stored, a staff member’s role within the practice — such as physician, nurse, or bookkeeper — should determine what exact information may be accessed by each individual.
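A minimal sketch of the role-based check described above, as an added example rather than code from any practice-management product. The three roles come from the tip; the permission names, user names and sample requests are constructed for illustration. Access is denied by default, and every decision is logged so repeated denials can be reviewed.

```python
# Roles are the ones named in the tip; permission names are hypothetical.
ROLE_PERMISSIONS = {
    "physician": {"chart:read", "chart:write", "schedule:read"},
    "nurse": {"chart:read", "vitals:write", "schedule:read"},
    "bookkeeper": {"billing:read", "billing:write"},
}


def is_allowed(role, permission):
    """Deny by default: unknown roles and unlisted permissions get nothing."""
    return permission in ROLE_PERMISSIONS.get(role, frozenset())


def access(user, role, permission, audit_log):
    """Check one request and record the decision for later review."""
    allowed = is_allowed(role, permission)
    audit_log.append({"user": user, "role": role,
                      "permission": permission, "allowed": allowed})
    return allowed


def denied_by_user(audit_log):
    """Count denied requests per user; repeated denials merit a follow-up."""
    counts = {}
    for entry in audit_log:
        if not entry["allowed"]:
            counts[entry["user"]] = counts.get(entry["user"], 0) + 1
    return counts


def run_sample():
    """Replay constructed requests and return (decisions, denial counts)."""
    requests = [
        ("dr_lee", "physician", "chart:write"),
        ("n_ortiz", "nurse", "chart:read"),
        ("b_shaw", "bookkeeper", "chart:read"),       # outside job function
        ("b_shaw", "bookkeeper", "billing:read"),
        ("temp01", "receptionist", "schedule:read"),  # role not defined
        ("b_shaw", "bookkeeper", "chart:write"),
    ]
    log = []
    decisions = [access(u, r, p, log) for u, r, p in requests]
    return decisions, denied_by_user(log)


if __name__ == "__main__":
    print(run_sample())
```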
4. Secure WiFi Networks
If your business has a WiFi network, make sure it is secure, encrypted and hidden. To hide your WiFi network, you can set up your router so it does not broadcast the network name. Access to the router should be password protected and only available to essential personnel. If you want to provide guests access to a WiFi network, for example patients, friends and family sitting in your waiting room, create a separate network which uses an entirely different password from your main WiFi network.
5. Establish a Culture that Prioritizes Security
Establishing a culture where data and cyber security is a priority is a necessity you cannot overlook. When it comes to protecting your medical practice and its private patient information, you can only be as strong as your weakest link. Security policies should be put in place for all employees, and all employees should be trained on these protocols. Make sure employees understand not only how to protect their personal information and any patient information, but why it’s important. Employees should also be trained on a procedure for reporting any incidents in which information has been compromised. Cyber security should be a recurring conversation in every medical practice. As new technology is implemented or software updates are made available, employers should update employees on best practices immediately.
There are many different types of cyber attacks, but the goal of most is to steal and exploit sensitive data and cause disruption and embarrassment to your business. So while these simple tips can help prevent a cyber attack, if one does take place, it is imperative that you protect your business with the proper risk management solutions. Cyber liability insurance is one of the six vital insurance coverages that HIG believes will help secure your medical office and health care practice.
HIG is the local expert in Fall River and throughout the South Coast of MA and RI in insurance for your medical office. Contact one of our business insurance professionals today, at 508-676-5949, for a complimentary review of your business owner’s policy and to ensure you have all the coverages you need, including cyber liability insurance.