While meeting all the HIPAA requirements for your technology (computer, network, etc.) requires some planning, there are some quick fixes that can greatly reduce the odds of your organization being breached while at the same time starting you on your path to compliance.
Below are some common issues that we see at all sizes of organizations. How you go about correcting some of them is determined by the size and resources of your organization.
Quick Fix #1
Issue: The operating system (e.g. Windows) on your organization’s computers and laptops is out of date.
Details: Hackers are constantly finding new ways into your computers. If you do not keep your computers up to date, these vulnerabilities are left open for attack.
Fix: For smaller organizations, you will need to manually check each of your computers to make sure automatic updates are turned on and updating. Alternatively, there are centralized patch management systems that can help if you are running on a Windows domain.
Quick Fix #2
Issue: Weak passwords! Simple passwords DO NOT WORK!
Details: Hackers can download a tool off of the internet to crack passwords fairly easily. The weaker the password, the more likely the hacker will be able to breach your computer and network.
Fix: Require that all users have unique accounts and passwords that are a minimum of 12 characters with a mix of UPPERCASE, lowercase, numbers, and at least one special character (e.g. !@#$%^&*). You should also have your users change their passwords at least once every 90 days. If you have a Windows domain, you can enforce this with a domain policy.
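As an added example (not part of the original article), the PowerShell below compares a domain password policy against the 12-character and 90-day figures from Quick Fix #2. The function name Test-PasswordPolicy and the sample policy object are constructed for illustration; on a domain-joined machine with the ActiveDirectory module installed, pass it the output of Get-ADDefaultDomainPasswordPolicy instead.

```powershell
# Added example: thresholds come from Quick Fix #2 (12 characters, 90 days).
# Test-PasswordPolicy is a hypothetical helper name, not a built-in cmdlet.
function Test-PasswordPolicy {
    param(
        [Parameter(Mandatory)] $Policy,
        [int] $MinLength  = 12,
        [int] $MaxAgeDays = 90
    )

    if ($Policy.MinPasswordLength -lt $MinLength) {
        "Minimum length is $($Policy.MinPasswordLength); expected at least $MinLength."
    }

    # The Windows complexity setting requires characters from three of five
    # categories, so it does not by itself guarantee a special character.
    if (-not $Policy.ComplexityEnabled) {
        "Complexity requirement is disabled."
    }

    # In Active Directory a maximum age of zero means passwords never expire.
    $age = $Policy.MaxPasswordAge.TotalDays
    if ($age -eq 0) {
        "Passwords never expire; expected a maximum age of $MaxAgeDays days or less."
    }
    elseif ($age -gt $MaxAgeDays) {
        "Maximum password age is $age days; expected $MaxAgeDays or less."
    }
}

# Constructed sample policy with the same property names that
# Get-ADDefaultDomainPasswordPolicy returns.
$policy = [pscustomobject]@{
    MinPasswordLength = 7
    ComplexityEnabled = $true
    MaxPasswordAge    = [timespan]::FromDays(180)
}

# On a domain-joined machine (requires the ActiveDirectory module):
# $policy = Get-ADDefaultDomainPasswordPolicy

$findings = @(Test-PasswordPolicy -Policy $policy)
if ($findings.Count -eq 0) {
    "Policy meets the Quick Fix #2 thresholds."
} else {
    $findings
}
```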
Quick Fix #3
Issue: Outdated Antivirus
Details: Similar to #1, if your antivirus is out of date, your computers and networks are vulnerable to the latest viruses, malware, and ransomware.
Fix: Check the antivirus software on all of your computers to ensure that it still has an active subscription, is running, and is being updated. Most major antivirus companies have business versions of their product that allow you to centrally manage the antivirus and reduce the likelihood of something happening.
Quick Fix #4
Issue: Lack of trained staff
Details: Staff who have not been trained to watch out for malware in emails or on the web are generally the most likely way for your organization to become a victim of malware or ransomware.
Fix: Ensure the staff is properly trained in HIPAA. There are plenty of online training courses that are neither expensive nor time consuming. While the return on investment may be hidden, it is huge.