Last year was a record year for cybersecurity incidents in the healthcare industry. Attacks against patient records are common, and they hit an all-time high. According to a recent Ponemon Institute report, this industry accounted for more than 23% of the data breaches in 2017. Is there a way to lessen the blow? Is there a better way to protect your healthcare organization from cyber attackers? Upgrading your healthcare network security on a regular basis is an important measure to take in protecting your patients’ personal and medical records. Let’s look at five steps you can take to improve the health of your network security today.
1. Improve Employee Security Training

When it comes to data breaches, it isn’t always a cyber attacker’s fault. In fact, studies have shown that 65% of respondents have experienced a cyber attack because of employee negligence or a malicious insider. Unfortunately, without the proper employee security training and awareness, these issues will continue to slip through our fingers. As a healthcare organization, you should take the responsibility of implementing new security training periodically for your employees. You should also communicate with employees about the importance of security measures. For example, passwords should be kept secret and difficult to identify when used with electronic health records. You can send periodic emails regarding security updates and also require your employees to take and pass a security course each quarter. Whatever you do, make sure training is up to date and available for all employees, current and new.
2. Increase Medical Device Security

With technology advancing daily, more and more devices are finding their way into our networks, especially within the healthcare industry. New medical devices such as wearable devices, telemedical devices and mobile applications are being used in innovative ways within healthcare facilities. However, this poses a security problem when devices are not maintained and used properly. The FDA has set out security measures that medical device manufacturers should consider to protect their devices from unauthorized access. Some of these measures include, but are not limited to:
- Using encryption wherever appropriate to ensure data is transferred securely to and from the medical device.
- Building in functionality that allows data analysts to find, log and act on any security breaches when they occur.
- Providing end users with information and communication on appropriate actions if a cybersecurity event occurs.