Security breaches that result in the theft of credit card information or loss of access to systems are frequently in the headlines. The healthcare industry and home care are not immune, and we are all responsible for the protection of our patients' and clients' personal health information. These protections are mandated for home care organizations by HIPAA, HITECH and other regulations. Today's guest post is by Marcus Jensen, who is a writer from Australia and the Editor-in-Chief of Technivorz blog. Besides working on Technivorz, his work has been featured on several prominent tech and business editorials. Although the examples cited by Marcus are not specific to home care, his recommendations are applicable to all of us.
The last couple of years have not been great cybersecurity-wise for anyone, healthcare organizations included. For instance, in 2015 alone, the Office of Civil Rights reported 253 healthcare data breaches which resulted in a combined loss of 112 million records. The vast majority of the biggest cybersecurity issues involved outside hacking in 2015.
In 2016, the situation is somewhat different, at least in the healthcare industry. Namely, a relatively large number of cybersecurity incidents included old-fashioned theft of devices such as laptops and simple human errors. In March, for example, Premier Healthcare had a laptop stolen from their billing department and since it was not sufficiently encrypted, data pertaining to more than 200,000 patients was stolen.
Moving away from healthcare for a while, 2016 has seen its share of hacking and other cybersecurity attacks from outside. Wendy's, Oracle, Weebly and Snapchat are just some of the major players whose cybersecurity was compromised in one way or another in 2016.
According to security experts such as Securelink, 2016 has also seen an explosion in ransomware attacks, many of which were aimed at healthcare, educational and even law-enforcement organizations.
If such big players are struggling to keep their data secure, what hope do small home care agencies stand?
Quite a bit of hope, actually. Namely, with a few smart practices and a comprehensive approach to cybersecurity, home care agencies can do a lot to keep their data and their patients safe.
Education. Education. Education.
It may seem like somewhat of a cliché, but when cybersecurity in any kind of an organization is in question, education truly is the cornerstone on which you build everything.
First of all, you as the home care agency owner need to learn as much as you can about cybersecurity, the different kinds of threats and the most common current trends. There are quite a few websites and blogs out there on this subject and it might be a good idea to acquaint yourself with them. This is a great list of cybersecurity blogs you might want to check out if you have the time.
The next step is ensuring that everyone who works for your agency has had at least the basic cybersecurity training. This will include talks on the importance of strong passwords, not sharing one's credentials with anyone, not misplacing company devices and more. This training should also include something on social engineering, a practice where an attacker tricks an employee into thinking they are communicating with an official of some kind from some outside agency.
Use Proper Software
There are plenty of cybersecurity software solutions out there, from firewalls to antimalware software and more. Your agency is probably already using some sort of protection, but it never hurts to repeat that using such software is a must.
It also has to be pointed out that cybersecurity software has to be allowed to update on a daily basis, sometimes even a few times every day. This provides the antimalware software installed on your system with the ability to recognize the latest versions of malware.
In case you are employing third-party solutions such as any cloud-based software for other aspects of running your company, make sure that you are using the latest versions of the software and that it is secure. Every point of access to your system needs to be secured and monitored.
Back Up Everything Regularly
We should avoid junk food. We should try and keep our stress levels low. We should exercise every day. We should back up our systems. Most of the time, we follow such instructions. Every now and then, however, we forget about them or choose to ignore them.
When it comes to backing up your home care agency computer system, forgetting it may result in devastating complications.
For example, let's say that you become a victim of a ransomware attack where someone encrypts your data and asks for money in return. Until you pay up (hoping they will actually let you decrypt your data) and decrypt everything, you have no access to your system, your data, anything really. By the time you are certain your system is once again "clean", you will not have been 100% operational for days, perhaps weeks or even months.
Can you really afford this?
When you back up regularly (meaning every day or every second day at the least), such a situation is effectively prevented. You simply revert back to the most recent backup and the attacker cannot do a thing about it. Of course, this is not the only reason why you should back up your data regularly.
Ensure Physical Safety
In December last year, the Radiology Regional Center in Florida notified patients that some of their data was compromised due to their paper records literally getting lost in the street. Around that same time, a laptop belonging to Valley Hope Association was stolen from an employee's car. We already mentioned a laptop being stolen from Premier Health's billing department.
As you can see, patient and agency data can be easily compromised through basic physical access to the devices that store such data or that have access to such data.
Because of this, it is absolutely essential that you have strict policies in place, prescribing the physical safety and security of devices. All of the devices that can provide access to any sensitive patient information need to be accounted for at all times. Secure areas need to be limited to authorized individuals, while equipment in less secure and high-traffic areas needs to be additionally protected and monitored.
In short, know where your devices are and who has access to them.
In the end, it all comes down to a bit of education and using common sense. Keeping things simple and staying informed and vigilant will do the job in the majority of cases. If you are not 100% certain about what to do and how to behave, talk to professionals and heed their recommendations.
There is only one thing you must never do and that is to underestimate the importance of cybersecurity in the modern world.
Ankota provides software to improve the delivery of care outside the hospital, focusing on efficiency and care coordination. Ankota's primary focus is on Care Transitions for Readmission avoidance and on management of Private Duty non-medical home care. To learn more, please visit www.ankota.com or contact us.