What is Cybersecurity in Healthcare?
At this point most healthcare organizations have multiple types of specialized information systems such as EHR systems, e-prescribing systems, practice management support systems, clinical decision support systems, radiology information systems and computerized physician order entry systems.
Most providers do not think of email as a “system”, but pause for a moment and try to imagine your world right now without email communication. We have spoken at length about email management and phishing issues. What we have not spoken about are email management systems. Training your staff on how to treat or react to bad emails is certainly a key factor. But having an automated system to help cut down on that intrusion to begin with, along with a system to prevent the emailing of patient information is absolutely essential.
There ae many systems that provide the ability to “block” or “black list” email sources, thus keeping those from coming into your environment. Those systems can also stop information from being sent out of your practice as well. Meaning if you have someone trying to send out a list of patient’s social security numbers, the system can read that information and stop the transmission altogether.
Physical Security
This starts out fairly simple, the use of complicated passwords for access to systems and applications. But it runs a little more difficult when you start talking day to day function. I am willing to bet you lunch that someone in your office/practice needs to occasionally perform some specific function through an application. I will also bet you that one of those people have to enter that or complete that task so rarely, they probably do not have their own login to the specific system. So, what do they do? They “borrow” the password from a coworker. Or better yet, someone has stuck a note on the computer showing the password, so everyone has access.
Office and system control are very important to reduce access and track individuals relative to their ability to send or receive information from that system.
This is where regular training, office security measures and audits as well as possibly even using a password locker with the ability to share the access, but not actually share the password can be helpful.
Legacy Systems
Something we have seen on a fairly regular basis is an office not willing to purchase the most up to date software or licensing of a product. Example, x-ray machine application, the same old x-ray device and system have been in the office for years. There is a newer version and model, but it is extremely expensive. So, the office keeps using the old legacy system as it still basically woks for their need. The problem is that system or application is no longer updated or supported. As a result, you are allowing the connection of outdated security to touch your network. This is basically an open door to your network.
Here are a few measures that you should be aware of to protect your environments and the usage by all employees:
- Anti-virus
- Backup and restoration of files/data
- Email gateway
- Encryption
- Firewall
- Intrusion detection and prevention system
- Mobile device management
- Policies and procedures
- Secure disposal
- Security awareness training
- Vulnerability management program/patch management program
- Web gateway
Please work with your technology partner to develop a plan for management and protection of your systems.
Here at Venture Pointe, we have dedicated staff ready and willing to talk with you and test your environments. Please give us a call.