Cybersecurity: Have you hardened your systems?
We perform HIPAA Risk Assessments (Security Risk Analysis) for very small practices to large healthcare organizations, plus business associates that include software, big data, and marketing companies. We know the focus of the assessment needs to be security; therefore, we run an industry standard (NIST based) scan checking computers for HIPAA compliance. (NIST stands for National Institute of Standards and Technology) Our findings show that the average covered entity is about 15% compliant and the Windows Operating System is about 63% compliant against the NIST test. It's obvious to us that cybersecurity has not been addressed.
If you're a covered entity or a business associate, you might ask, "How do we improve these findings and correct these issues?"
It's actually not too difficult.
- Make sure your software is up-to-date. You should have "auto-update" turned on for operating systems, anti-virus software, and applications.
- Ensure that your backups are (a) current, (b) secure, (c) off-site, and that they work. Test the backups on a daily basis to make sure they have not been encrypted by ransomware.
- Correct the deficiencies of the Windows operating system, including setting up password policies. Utilizing a domain is wise.
- Hire competent IT staff or a Managed Service Provider to provide consistent service for your computers and network. Paying for assistance only when you have a problem means no one is monitoring your network or computers on a regular basis.
- Make sure your network has been locked down. Change firewall logins regularly, and use strong passwords. Hide or turn off WIFI broadcasting and use strong passwords. Do NOT allow guests onto the company network.
- If you're a larger covered entity, you should consider hiring a Managed Security Services Provider (MSSP).
Hope this helps you think about cyber security in a new light and to take action to Protect Your Patients, Protect Your Practice, and Protect Yourself.
If you have any questions drop us an email at firstname.lastname@example.org. We're happy to help!