What Are You Doing To Protect Your Patient’s Data & Your Practice?

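Cyberattacks against the healthcare industry doubled over the past year, and ransomware appears to be the method of choice for getting into organizations' collections of sensitive patient data, according to an IBM Security Report released by the X-Force Threat Intelligence Index. Unfortunately, according to the FBI and cybersecurity and data protection services experts, this is because organizations operating within the healthcare industry often do not have much money to spend on IT security and, as a result, are unable to implement stronger cybersecurity practices. Bad actors therefore treat healthcare organizations as easy targets.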

Don’t Give Hackers Free Rein

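Consider all of the patient information stored in your existing files, many of which are electronic. If a hacker were to gain access to this information, they could use it to unlock patients' bank accounts or discover their prescription medications. But your computer systems are not the only way cybercriminals can get at this information. The FBI cites a SANS Institute report that describes other ways criminals may obtain critical patient information.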

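“Connected medical devices, applications, and software used by healthcare organizations, from online health monitoring to radiology devices to video-oriented services, are rapidly becoming the preferred targets for malicious hackers taking advantage of the Internet of Things (IoT) to carry out all kinds of illicit transactions, data theft, and attacks. This is especially true because securing common devices, such as network-attached printers, faxes, and surveillance cameras, is often overlooked. The devices themselves are not thought of as available attack surfaces by healthcare organizations that are focused on their more prominent information systems.”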

SANS Institute Report

Can You Answer The Hard Questions?

This is all pretty alarming information, especially if you weren't already aware of the growing cyber dangers that healthcare organizations such as dental practices, vision centers, and general medical practitioners face daily. Now the hard question:

How strong are the IT security practices within your practice?

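If you aren't sure how you compare with others in your industry, or you simply don't know whether your practice is protected, then it's time to consider the steps you can take to ensure that your practice's IT systems are secure enough. Read on for six IT security considerations for medical professionals.

IT Security Considerations For Your Dental Practice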

1. Do you currently use outdated software or office products?

Microsoft, for example, regularly stops supporting older versions of its operating system, which means the company no longer works to build and deliver security patches to its users. If your software company no longer provides you with software updates, you are actually at a higher risk of a security breach. Computer systems are the “go-to” example. However, this same scenario could affect other outdated products, including attached printers or surveillance cameras. Take a walk around your office and note the technology you are using throughout your practice. Are updates needed to ensure there are no chinks in your digital armor?

2. Do you have a disaster recovery plan in place?

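If you aren't sure what you would do if your practice suffered a data breach, then now is a good time to put a disaster recovery plan in place. For example, if your plan to protect (and, if necessary, recover) important business information doesn't include storing data offsite, miles away from the practice, make a plan to get this in place immediately. Then, once you have established a backup location for your data, check the integrity of your backup data regularly to ensure that, if your practice were to go down tomorrow, you would be able to recover critical information and maintain day-to-day business operations. Do you have an offsite location where you store data? If so, be sure to test the accuracy and completeness of your offsite backup data. Revisit the priority of the applications used to perform primary processing. An application priority list is essential in the event of a disaster so that recovery of your practice can begin immediately.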
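One way to test the accuracy and completeness of an offsite backup, as an added example that is not part of the original article: record SHA-256 hashes when the backup runs, then re-hash the offsite copy later and compare. The file names, folder layout and function names are constructed for illustration.

```python
import hashlib
import os
import tempfile


def build_manifest(root):
    """Map every file under root (relative path) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            manifest[os.path.relpath(full, root)] = digest.hexdigest()
    return manifest


def verify_backup(recorded, backup_root):
    """Re-hash the backup copy and compare it with the manifest recorded at backup time."""
    current = build_manifest(backup_root)
    return {
        "missing": sorted(set(recorded) - set(current)),  # completeness failures
        "altered": sorted(p for p in recorded
                          if p in current and recorded[p] != current[p]),  # accuracy failures
        "unexpected": sorted(set(current) - set(recorded)),
    }


def demo():
    """Constructed sample data: a small practice share and a damaged offsite copy."""
    files = {"charts.db": b"patient charts", "billing.csv": b"ledger",
             os.path.join("xray", "001.img"): b"image bytes"}
    with tempfile.TemporaryDirectory() as live, tempfile.TemporaryDirectory() as offsite:
        for root in (live, offsite):
            for rel, data in files.items():
                path = os.path.join(root, rel)
                os.makedirs(os.path.dirname(path), exist_ok=True)
                with open(path, "wb") as fh:
                    fh.write(data)
        recorded = build_manifest(live)  # manifest taken when the backup ran
        os.remove(os.path.join(offsite, "billing.csv"))  # simulate a lost file
        with open(os.path.join(offsite, "charts.db"), "wb") as fh:
            fh.write(b"patient cha")  # simulate a truncated copy
        return verify_backup(recorded, offsite)


if __name__ == "__main__":
    print(demo())
```

A clean report shows the offsite copy is unchanged since the backup ran; it does not replace a periodic test restore of the applications on your priority list.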

3. When was the last time you reviewed your service agreements?

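If it’s been a while, review all of your service agreements to make sure you aren't paying for equipment or software that is no longer in service. Ask yourself whether, for the sake of stronger security, replacing equipment that is no longer in service would be cheaper than paying for maintenance and a possible security breach.

4. Do the right people have access to your IT systems?

Review user logins to ensure that only the right employees have access to your network. Don’t leave unnecessary logins (i.e. former employees' logins) active, where they could be used improperly. This is especially important if you operate in a cloud-based environment. You should also test shared drive directories to ensure that the areas where sensitive data is stored remain secure and are accessible only to employees who actually need access for their job duties.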

5. Does your dental practice have an IT policy for its employees?

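If you don’t already have an IT policy in place for your employees, you’ll want to make this a priority. If employees can access the Internet at your practice, consider what you want them to be able to reach and whether that information is relevant to their jobs. Remember, certain websites are riskier than others. It’s up to you to determine the perimeters of their access. In other words, an “all-access Internet pass” is just a data breach waiting to happen. When considering your IT policy, don't forget the smart devices employees may own and bring into the office, and how they might affect the security of your internal network.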

6. Do you store any patient financial data on your network?

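If you do, then you need to be very careful about where and how the data is stored, and about whether it is necessary to store it in the first place. Ensure that your practice is not storing credit card numbers, Social Security numbers, or checking/routing numbers in an insecure environment. Don't forget to educate your employees about the importance of this security measure.

Contact Our Dental Practice Professionals

Not sure how to start evaluating the strength of your practice's IT security? Contact Rea & Associates to speak with one of our cybersecurity and data protection services experts who specialize in the unique cyber risks facing practice owners. Our team can help you secure your existing data, comply with HIPAA responsibilities, and help you put a plan in place to keep bad actors from getting any further.

By Travis Strong, CISA (Wooster, OH)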

