Cybersecurity In A Changing World
Sony, Target, Home Depot, Wyndham, T.J. Maxx, Apple, Staples, Hannaford Brothers, Anthem.
You’re probably glad that your company hasn’t been in the news for the last few years like those companies. What do they all have in common? They all had their customers’ personal data stolen in a data breach. Every single on of these companies has paid or will pay hundreds of thousands or millions of dollars as a result of their breaches.
Is your company in a better position? Are you better protected? You hope, that you are. You hope that your systems are secure. You hope that you are not a likely target. But moving forward every health care provider becomes more and more vulnerable to being hacked and losing patient data, and patient trust.
Not only are you a likely target, hospitals and healthcare providers can be hit especially hard by such attacks. Consider that while you might manage hospitals or practices in only one state, you may have patients from all over the country. You collect payment information and other personal information from every patient. What happens if you get hacked? What can you do to be proactive and minimize your risk of a hack?
- Re-evaluate your data protection policies and technology. Technology changes. Laws and regulations change. Employees come and go. Best practices evolve. Are you up-to-date? Ignorance of the technology or law is no excuse, and failure to train employees will guarantee trouble.
- Establish a Rapid Response Policy. Like all emergencies, there is little time to think when a data breach occurs. It is not a question of if, but when and how big. It may be one record caused by a bad employee or it may be a major system hack. So, expect it and plan for it. Designate a decision-maker and a spokesperson. Find a qualified lawyer and IT specialist who will help respond when the time comes. Make sure you know which state and federal laws and regulations you will have to comply with, how the notices will be sent and if you need a patient call center. Find out what ID theft insurance and credit watch services might be helpful to offer patients. Preparedness makes all the difference during a crisis and a data breach is no exception.
As always when it comes to IT security in the healthcare world the most important element is ensuring compliance with the HIPAA security rule. Compliance with this rule is the first thing that HHS auditors look at whether there is a breach or just a routine audit. Make sure that you’re prepared and that your patients are protected.
If you have any questions about IT security and the unique challenges facing the healthcare industry give ITPAC a call today.