Imagine this fun scenario. Your home gets robbed and the thieves steal your safe full of family keepsakes. But it's a serious safe, well-built and sturdy, and they can't get in. So they ditch it. It's later identified, and you get it back with all contents intact. (That scenario is only fun because you got your things back.)
Now imagine if that safe held all of your customers' protected health information, or PHI. It would be pretty important that it stayed locked down and unopened. In a cybersecurity age when hardware theft is increasingly common and network infiltration is always possible, what can you do to ensure no one cracks the code and empties the safe?
You understand how a little risk can have huge consequences for your business's health, so here's what you need to know about mitigating that risk and keeping your customers' information safe.
Healthcare Cybersecurity: The Basics
If you don't have a dedicated security team and you're going to jump into the basics of cybersecurity yourself, you should know that you might be the only person in your organization thinking about this. That presents a challenge: it will be up to you to show your budget approvers that cybersecurity solutions are necessary to avoid deep pains like poor customer retention and a damaged reputation, pains caused by experiences your business has never had before.
So what you need to drive home are the basic tenets of data protection: You want to keep people from getting your stuff, and if they get it, you don't want them to be able to use it.
To develop your healthcare cybersecurity and data protection efforts, start with those two goals and look for solutions that let you achieve them. Your absolute best course of action is to talk to other practices that are in the same position. Ask if they are having the same concerns or issues, and how they have responded. They should be able to recommend potential services and providers and point you in the right direction.
Aside from those recommendations, consider looking into the following needs as outlined by Twinstate's Unified Defense Strategies Technical Manager, Alex Insley:
- Next generation UTM firewall
- Multifactor authentication solution
- Equipment (servers, computers, etc.) that can be physically locked down
- Secure removable storage — i.e. a secure flash drive with keys recognizable only to certain machines, such that if the USB drive were lost, the data would be inaccessible
- Comprehensive file and disk encryption
- Endpoint protection like anti-malware software
- Patch management solutions or services
- Secure backups stored off-site with no human intervention
If getting all of that up and running seems like a challenge, that's because it is! But that doesn't mean you should let it hold you back from achieving greater security. When it comes to IT, you can't skimp on comprehensiveness or quality because of the time or dollar investment. If you do, you're taking a big, unnecessary risk.
And if you aren't sure where to start with purchasing and implementation?
Get a Managed Security Services Provider
It’s a lot more likely that an IT managed services provider or a security partner, rather than others in your organization, will have the answers to your questions — and a lot of those questions probably involve not knowing what, exactly, you need to be aware of and how everything fits together.
Those providers will also be able to match your needs with ready-to-go solutions and time-tested tools that have already been priced out. When you choose the right partner, you won't just get the software and hardware you need to keep your healthcare information safe. You'll also get the necessary time, attention and expertise to go along with it.