
Webinar Recap: Cyber Security for Healthcare Professionals

26 April 2016


Earlier this month, COMPASS CEO Bob Olsen and Stuart Oberman, president and founder of Oberman Law Firm, teamed up to discuss the current challenges healthcare professionals face when working to keep their employee and patient data secure. Various compliance standards within the healthcare industry and potential penalties if these standards are not met were also discussed. If you were unable to attend the event, we’ve provided the top five takeaways for your convenience:

1. The healthcare industry is a target
While cyber security is of importance to all industries, the healthcare sector is among the most frequently targeted by hackers. Doctors, dentists, veterinarians, etc., each hold (virtually or physically) vast records of employee and patient medical data, which are among the most valuable assets for hackers. It is important to understand that any organization, no matter what size, holds sensitive information — and that a securely built network is critical to protecting it.

2. Look out for phishing and ransomware attacks
Bob and Stuart both reported seeing an increase in successful phishing and ransomware attacks over the last six months. Phishing emails have become more complex and realistic, which has caused many employees to open malicious attachments and links. Many of the phishing attacks have included ransomware, which can lock down devices and data until organizations pay the hacker a sum of money. It’s key to educate employees about these threats so that they are able to detect when an email is malicious before clicking on a link or opening any attachments. To get started, see our guide, “5 Tips to Detect Phishing Emails.”

3. Technology is not the only solution
Oftentimes, organizations spend their resources on new software applications, firewalls, antivirus protection programs, etc., and while these types of tools are important for securing a network, they are not the only solution. Bob and Stuart agreed that technology, policies, and employees each have a role to play in a security infrastructure and that healthcare professionals should consider each of these when building their cyber security strategy. Here are some tips they each provided:

  • Perform routine vulnerability scans
  • Develop documented policies and procedures (password management, access controls, backup and recovery, etc.)
  • Train employees on best practices

4. Review and assess HIPAA compliance
Stuart gave a brief overview of HIPAA and the importance of compliance for healthcare organizations and for vendors who work with them. When organizations are breached, penalties can be anywhere from $100.00 to $1.5 million, depending on whether the organization knew about the breach and/or took reasonable action to prevent and report it. These violations could cause serious financial distress for organizations and potentially put them out of business. Stuart stressed the importance of understanding HIPAA compliance and developing policies that fit with these standards.

5. Plan ahead!
Perhaps the most important takeaway from the webinar was that healthcare professionals must be proactive! It’s far more efficient to develop policies for how to respond to a breach before one occurs rather than scramble to react afterwards. Stuart and Bob concluded the discussion by giving tips on policies to focus on initially and other proactive measures that organizations can take to reduce their risk of a breach and prepare them to react if one occurs.

If you’d like to learn more about this event, you can view the full recording of the session here. Or, please feel free to contact us.

 
