5 strategies to boost your healthcare cyber security

To say that healthcare has recently gone through some tough times in relation to data breaches would be an understatement.

According to IBM’s 2016 Cyber Security Intelligence Index, in the past year, healthcare experienced more cyber attacks and data breaches than any other industry. And it’s easy to understand why.[1]

Healthcare data is rich in personal information and therefore valuable to identity thieves, giving access to credit card information, email addresses, Social Security numbers, employment data and health history. The average number of healthcare cyber attacks rose to 3.4 per week for IBM clients participating in the survey.

Moreover, it’s not just large healthcare organizations that are falling victim; even small-to medium-sized organizations and their patients are experiencing at least one cyber attack each month, according to the Ponemon Institute’s State of Cybersecurity in Healthcare Organization’s 2016 report.[2]

But, it’s important to recognize that your healthcare organization, regardless of its size, doesn’t have to be one of them. Implementing proactive strategies like the following can help protect your organization against attacks:

1. Understand and monitor data access points: It’s important to have a solid grasp on where data is entering and exiting your systems to identify lapses in data and device security. This includes examining each data touch point, such as employee and third-party access to your systems.

2. Lock down workstations, printers and multifunction printers (MFPs) to help prevent unauthorized access: Healthcare systems are becoming increasingly interconnected, which leads to additional opportunities to obtain valuable information. Make sure security tools are implemented and being used with each device.

3. Conduct comprehensive annual risk assessments at least once a year: The way cybersecurity attacks are executed is constantly changing and adapting. As a result, you should continually review and update your cyber security protocols and response plans. Implementing a risk assessment in your organization can make a significant impact in the long-run.

4. Educate end users on cyber security in addition to HIPAA requirements: Did you know that only 25 percent of IT professionals across all industry segments are confident in employee cybersecurity awareness?[3] Give your team the information and tools they need to help protect healthcare information and adhere to the latest rules and regulations.

5. Review how business systems and processes support security: Take time to thoroughly review all aspects of data collection, storage and use to improve and support tighter security measures across your organization — from business operations to output management and interoperability.