Casserly Consulting Blog

Tip of the Week: Do You Know How to Protect Medical Data?

Businesses that work with medical data are in a tricky situation, as the slightest security issue puts the data they store at considerable risk. If you’re not careful, you could be putting your business at risk. With compliance requirements to consider, the security of any medical data you store on your infrastructure has to be made a priority. How can you minimize the risk of storing this data without compromising your business’s effectiveness?

Compliance regulations, like the Health Insurance Portability and Accountability Act (HIPAA), will make things a bit more difficult for your business. However, your business shouldn’t be hit too hard if you’re being mindful of the regulations while planning how you store medical records and other sensitive information. Here are some tips to help you keep your business as secure as possible.

Encryption is Key
The strange thing about HIPAA is that it doesn’t necessarily require that your business have data encryption implemented. Considering how much it helps in the event of a data breach, it’s ludicrous to think that it’s not required at all. Encryption essentially scrambles data so that you need an encryption key in order to view it properly. This makes any stolen data practically useless to a thief who doesn’t also have the key, as military-grade encryption is incredibly tough for your average hacker to crack.

Implement Comprehensive Security Solutions
More often than not, it’s better to stop attacks from happening before they infect your infrastructure rather than respond to them afterward. You can do this by implementing a Unified Threat Management solution, which includes a firewall, antivirus, content filter, and spam protection to minimize the security threats to your company at all times. These preventative measures don’t necessarily guarantee immunity to threats and hackers, but they significantly reduce the chances that you’ll suffer from them.

Limit Access Based on User Roles
The more users who have access to certain data, the more ways threats can potentially reach that data. Think about it this way: if you have 10 computers on your network, any one of those computers can be used to infiltrate your network. However, it’s unlikely that all 10 users need the same privileges to access important data. You can keep specific data safe by limiting the number of users who have access to it.

Does your business utilize medical records or other sensitive information? Your company could be at risk of being fined due to compliance regulations. To find out how your business fares regarding data compliance, reach out to COMPANYNAME at PHONENUMBER. We can work with you to ensure that you’re being as proactive as you need to be to keep your data secure.

Hack a Hospital and Get Blacklisted By Other Hackers

Hackers are notorious for committing cybercrimes and exploiting what seems like everybody and anybody. Yet, just as there exists honor among thieves, there’s an unwritten rule within the hacking community: leave hospitals alone.

Of course, if you’re familiar with the activity of hackers, then you’ve perhaps heard stories of hospitals and healthcare institutions getting hacked. To be sure, any organization handling healthcare records makes for a tempting target to a hacker. These records contain very personal and sensitive information that can be sold for big bucks on the black market (this is one reason why protection laws such as HIPAA are put into place). However, if a hacker chooses to act on this impulse, they do so at the risk of being shunned by their own.

While it’s one thing to stealthily steal files from a hospital server unit, it’s even more of a dastardly deed for a hacker to unleash a ransomware attack on a hospital network. This is due to the fact that attacks like ransomware will disable a computer until a ransom is paid to the hackers. As you can imagine, if a hospital were to have any of its equipment taken offline, then patients in critical condition would be unable to receive the care they need until the system is back online. Potentially, a move like this could result in death.

What could motivate a hacker to attempt a hack where human life is on the line? For the hacker attempting such a hack, it’s perhaps because the crisis it creates makes for a higher chance of a payout. Compared to hacking a business that’s prepared for a ransomware attack and can afford to brush it off and lose a few hours’ or a few days’ worth of data (depending on when the last backup was made), hospitals must act as quickly as possible to get their system back online, which very well could mean paying the hacker.

What’s worse, even if a hospital pays a hacker’s ransom, there’s still no guarantee that they will regain control of their system, which could translate to a significant loss of life. Given the possibility of such a sad situation, it’s easy to see why hackers will blacklist any of their peers known for going after hospitals. After all, where do the hackers go when they get sick? That’s right, the hospital.

To give you a hacker’s perspective on the matter, ZDNet references a forum where hackers discuss, get this, the ethics of hacking. “Yes, this is pretty sad and a new low. These ransom attacks are bad enough, but if someone were to die or be injured because of this it is just plain wrong.”

While these words may be somewhat comforting for a hospital administrator to hear, keep in mind that there are some hackers who disregard any form of ethics altogether, so the risk is still there. Also, for the average SMB not associated with healthcare, there’s likely no “hacker’s code” protecting your organization from being targeted. In fact, regarding the typical SMB, hackers can build a pretty solid case on why they should pull the trigger on a hack attack.

Therefore, whether your business is in the crosshairs of hackers or not, every organization needs to be prepared and have a security solution in place that can withstand such attacks. This defense plan must include a way to defend against even ransomware, which means backing up your data with a backup and disaster recovery (BDR) solution and having a means to restore your backed-up copy as quickly as possible so that downtime is at a minimum.

To make sure that your business is prepared for anything that a hacker throws at you, call COMPANYNAME today at PHONENUMBER.