With over 1.2 million patients having been affected by healthcare breaches in the past few months alone, healthcare security should be top of mind for all organizations working with private health information (PHI). In July alone, there were 70 reported data breaches of 500 or more records, making it the fifth consecutive month where data breaches have been reported at a rate of 2 or more per day.

Luckily, there are some basic things you can do today to improve the overall security of the PHI data that you and your team are responsible for.

How to Improve Healthcare Security

  1. Research security tools before installing them
  2. Install antivirus software and update it when needed
  3. Use a virtual private network (VPN)
  4. Utilize unique login credentials
  5. Implement multi factor authentication (MFA)
  6. Use passcodes on smart devices
  7. Use multiple email addresses
  8. Clear your cache
  9. Don’t save passwords in your browsers
  10. Disable sharing of data with social media platforms
  11. Learn to recognize phishing attempts
  12. Use smart pay

It’s an impressive list, but don’t let it intimidate you. We’ll discuss them here one at a time:

1. Research security tools before installing them

The majority of healthcare breaches occur due to ineffective security tools. As there are lots of tools to choose from, it is important to research your options and find out which ones are most suitable for your organization. Your research should include the issue of whether or not you need to configure a specific security tool to enable all of its security features. For instance, Windows 10 Pro comes with an encryption tool known as “BitLocker,” but this feature must be turned on by the end user. The Anti-Malware Testing Standards Organization (AMTSO) offers free tools on their site where you can check your security software to ensure that it is configured correctly.

2. Install antivirus software and update it when indicated

Antivirus is your first defense against cyberattacks. Most organizations install antivirus software, but they fail to keep it updated. These security updates, known as patches, address known vulnerabilities in the software. Failing to implement patches as soon as they become available makes your systems vulnerable to hackers and allows them easy access to your network environment (this is true for any type of software).

According to a recent study, up to 60% of data breaches can be linked to a failure to remediate a vulnerability for which a patch existed and was publicly available. Case in point: the recent Accellion breach left 100 of its customers exposed when they failed to update their most basic security software.

3. Use a virtual private network (VPN)

In an increasingly remote work environment, it is important to safely connect to your organization’s network. Using a virtual private network (VPN) when using public or home WiFi creates an encrypted connection so that your internet privacy and security are protected at all times.

4. Utilize unique login credentials

When creating online accounts, it is important to use unique login credentials for every account that you set up. Yes, we know this gets complicated and cumbersome. However, many businesses, such as online retailers, are often targeted by hackers seeking access to usernames and passwords. Once they obtain this information, hackers will often sell the login credentials they find to other dark web criminals.

These criminals are well aware that most people have the bad habit of using the same login credentials across multiple accounts. Amazon, Netflix, your company database – we all tend to run out of imagination and end up using the same password (or a slight variation of it) everywhere. As a result, it is relatively easy for them to work out access to accounts 2, 3 and 4 once they learn your password/username for account number 1.

Don’t make it that easy!

5. Implement multi factor authentication (MFA)

Weak or stolen user credentials are hackers' weapons of choice and are used in 95 percent of all Web application attacks.

Multi factor authentication (MFA) is a means of adding an extra layer of security, as it requires users to input multiple login credentials to access an account or platform. This is usually a username and password in combination with security questions, a one-time PIN, or biometrics.

In other words, MFA provides an additional line of defense against cyber attackers; should they happen to learn usernames and passwords, they still have more barriers to break through before gaining access to the PHI in your care.

6. Use passcodes on smart devices

Businesses often allow employees to access company information through their smartphones or tablets. Setting a passcode on your smart devices is essential to protecting private data. This way if your smart device is lost or stolen, sensitive data cannot be accessed. Although the default setting on many devices is a 4-6 digit PIN, you can increase your security by requiring Face ID, Touch ID, or custom alphanumeric codes.

7. Use multiple email addresses

Using multiple email addresses ties back to those stolen login credentials. You should never use your company email to register for accounts unrelated to work. It is also recommended that you have two separate personal email addresses: one for bank and credit card communication, and a separate email address to sign up for retail accounts.

Using multiple email addresses is a great way to spread the risk of having your most sensitive information exposed in a cyberattack.

8. Clear your cache

A cache is your browser’s way of tracking your search history and the websites you visit. Your browser (Google, Microsoft) uses this data to recommend searches that it thinks you would be interested in based on your browsing history. This information is also used to send you personalized ads.

Unfortunately, internet browsers often capture much more information than you would expect.

For example, you have probably noticed that when you’re asked to fill in shipping details on a new site you’ve never visited before, your browser automatically fills in details like your name and address. It’s a convenient feature, but it is also a privacy nightmare.

Unscrupulous sites can be coded to capture that information the second it’s autofilled. This means that the site has now captured your full details without your knowledge. As you can imagine, information such as an address, full name or social security number can be used to bring havoc to your network if it falls into the wrong hands.

This is why it is important to clear your cache every so often. This can be done in most browsers by pressing Ctrl+Shift+Del (for a PC) or command+Shift+Del (for a Mac). You can then select which data you would like to be cleared.

9. Don’t save passwords in your browsers

This next tip is debatable. Some experts recommend saving your passwords in your internet browser, as some hackers track keystrokes. By saving your passwords in your browser, your keystrokes are minimized and the likelihood that your keystrokes will lead to password exposure becomes limited. This is a great strategy for personal use.

However, when you have access to sensitive company data and PHI, experts recommend using a third-party password manager. A password manager allows users to store passcodes or even other sensitive data, such as credit card details, in an encrypted vault created on the device. It is much safer than storing such information on a browser or writing it down in a text document, a piece of paper, etc.

10. Disable sharing of data with social media platforms

Again, tracking user data is troublesome for privacy and security. What many people fail to realize is that social media platforms gather a treasure trove of information on their users. How can you stop this from happening? In addition to not volunteering private information in the things you post, you can disable automatic data collection by restricting apps from sharing your data with third parties. Keep your privacy private!

11. Learn to recognize phishing attempts

Phishing attacks are another leading cause behind data breaches. Phishing emails impersonate a trusted entity and often prompt users to click on a link or attachment. The links in these emails are usually connected to malware or spyware used by hackers to gain access to sensitive information, such as login credentials.

Signs that an email is a phishing attempt include such things as a deceptive URL, a request for personal information, spelling or grammatical errors, generic greetings, or unsolicited attachments.

Detect phishing emails by hovering over the sender’s email address and double checking the domain. Make sure the spelling of the domain name is correct down to the tiniest detail. For instance, an email coming from Microsoft’s support team would come from support@microsoft.com, NOT support@mcrosft.com, NOT microsoftsupport@gmail.com, etc.
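As an added example (not part of the original article), the sender-domain check described above can be automated in a mail triage script. The allowlist, the free-mail provider list, the edit-distance threshold of 2 and the last two sample headers are assumptions, and the embedded-label check goes slightly beyond the misspelling and free-mail cases named in the text.

```python
from email.utils import parseaddr

# Assumptions for this example: your own allowlist and a sample of free-mail providers.
TRUSTED_DOMAINS = {"microsoft.com"}
FREE_MAIL = {"gmail.com", "yahoo.com", "outlook.com"}

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_sender(from_header):
    """Classify a From: header value as ("ok" | "suspicious" | "unknown", reason)."""
    _, addr = parseaddr(from_header)  # drops the display name, which anyone can set
    local, _, domain = addr.lower().rpartition("@")
    if not local or not domain:
        return "suspicious", "no parsable sender address"
    for trusted in TRUSTED_DOMAINS:
        if domain == trusted or domain.endswith("." + trusted):
            return "ok", f"sent from {trusted}"
    for trusted in TRUSTED_DOMAINS:
        brand = trusted.split(".")[0]
        if edit_distance(domain, trusted) <= 2:
            return "suspicious", f"domain is a near-miss spelling of {trusted}"
        if brand in local and domain in FREE_MAIL:
            return "suspicious", f"'{brand}' in the mailbox name, but mail is from {domain}"
        if brand in domain.split("."):
            return "suspicious", f"'{brand}' used as a label inside {domain}"
    return "unknown", "domain is not on the allowlist"

# Constructed sample headers: the first three addresses are the ones used in the text.
SAMPLES = [
    "support@microsoft.com",
    "Microsoft Support <support@mcrosft.com>",
    "microsoftsupport@gmail.com",
    "billing@microsoft.com.example.net",
    "newsletter@example.org",
]

if __name__ == "__main__":
    for header in SAMPLES:
        verdict, reason = check_sender(header)
        print(f"{verdict:10}  {header}  ({reason})")
```

An "unknown" verdict only means the domain is not on your allowlist; it still deserves the manual checks listed above.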

12. Use smart pay

Traditional POS systems are often outdated and relatively easy to breach. Although not specifically related to healthcare security, using smart pay can protect you from identity theft. When using a company credit card, smart pay ultimately protects your business, as it uses encryption and authentication technology.

How does it work?

After downloading a mobile wallet, such as Apple Pay, Android Pay or Samsung Pay, and adding your credit card information to it, every payment you make will generate a one-time authentication code, preventing scammers from being able to use your credit card.

Implementing all of this may seem like a tedious process, but Meeting Tree Computer takes all the hassle away and ensures your peace of mind remains intact. Give us a call and we’ll take it from there: (845) 237-2117. Together we can make great things happen!