This month, all of the top healthcare security executives got together at the Privacy and Security Forum in Boston to discuss the challenges that the healthcare industry is facing. Joel Brenner, who was a former senior counsel member at the NSA, keynoted the event and made one thing very clear in his speech.
The cybersecurity threat facing the healthcare industry is only going to get worse, and the government will not do anything about it until there are major losses. So if you’re a hospital administrator or a private practice owner, no one is going to help you survive the coming storm. But if you don’t know that by now it may be too late for you.
The healthcare industry has one of the highest rates of successful hacks because of the sensitive data providers rely on and the across the board lack of cybersecurity awareness. That’s why Brenner said, “Unless someone comes in high level with a baseball bat, It’s not going to be solved.”
If you’re ready to take a baseball bat to your cybersecurity protocol, or want to improve the measures you already have, here are a few simple steps you can take that will be like hitting a homerun for your organization.
One of the simplest fixes you can make is your passwords. Whether you have 2 employees or 200, everyone should have a long password with different types of characters. If you don’t think your employees or patients will follow through, assign them a password that you know is secure. If a hacker comes knocking on the door and you only have a 6 letter password or 4-digit PIN code, you can kiss your privacy goodbye.
The next step is to implement 2-factor authentication. Every time you use an ATM you use two factor authentication, so there is no reason that you can’t use it throughout your organization. It won’t completely protect you from hacks, but handling medical records without it is a ticking time bomb.
The next step you can take is segmenting your network. Ships are designed to seal off compartments that are flooding so the water doesn’t spread and sink the entire boat. That’s the same idea behind network segmentation. The more architecture and restriction you add to your network, the more difficult it will be for a hacker to turn a small leak into a sunken ship. One you have a well segmented network you can even restrict access to security contractors or employees so there’s no chance sensitive patient records will be in danger.
The last home run step isn’t a technical or digital security measure. It’s the culture of your organization. You simply cannot survive for long if you are only compliant with security regulations. If your cybersecurity systems are designed to be a speed bump instead of a wall, then it is only a matter of time before you’re hacked. There are more hackers out there than you and they are always creating new bugs, viruses, and malware that you will not be able to identify or design a security system around. You must over prepare if you wish to stay alive.
And your IT department or contractors cannot just be a faceless person who bothers you because you don’t understand why they need so much money. Make whoever is in charge of your cybersecurity explain every detail to you in a way you can understand. If they can’t you need to find a new one, because if you don’t understand the strengths and weaknesses of your own security system your will be without a paddle when the system is tested.
These are changes that you can make now so don’t wait or sleep on it. If you don’t already have these measures in place, you’ll never even see the ball and strike out for your company sooner rather than later.