With 1.2 million patients affected by February 2021 healthcare breaches, healthcare security should be at the top of mind for organizations working with patient information. Therefore, healthcare and cybersecurity are both important to maintain. To provide guidance on protecting your organization against breaches, 12 tips to improve your healthcare security are discussed.
How to Improve Healthcare Security
There are 12 things that you can do today to improve your overall healthcare security, and personal security in general.
- Research security tools before installing them
- Install antivirus software and update it when needed
- Use a virtual private network (VPN)
- Utilize unique login credentials
- Implement multi factor authentication (MFA)
- Use passcodes on smart devices
- Use multiple email addresses
- Clear your cache
- Don’t save passwords in your browsers
- Disable sharing of data with social media platforms
- Learn to recognize phishing attempts
- Use smart pay
1. Research security tools before installing them
The majority of healthcare breaches occur due to ineffective security tools. As there are several tools to choose from, it is important to research these options to find out which is most suitable for your organization. Through your research you will also be able to determine if you need to configure a security tool to enable certain security features. For instance, Windows 10 Pro comes with an encryption tool known as “BitLocker,” but this feature must be turned on by the end user. The Anti-Malware Testing Standards Organization (AMTSO) also has a feature on their site so that organizations can check their security software to ensure that it is configured correctly.
2. Install antivirus software and update it when needed
Antivirus is the first defense against cyberattacks. Most organizations install antivirus software, but they fail to keep it updated. These updates, known as software patches, often address known vulnerabilities in the software. When organizations fail to implement patches as soon as they become available, their systems are vulnerable to breaches (this is true for any type of software). This fact is evident through the recent Accellion breach that left 100 of its customers exposed when they failed to update the software.
3. Use a virtual private network (VPN)
In an increasingly remote work environment, it is important to connect to your organization’s network through a virtual private network (VPN). VPNs create an encrypted connection so that if you are using, say a coffee shop’s public wifi, your internet browsing history remains private.
4. Utilize unique login credentials
When creating online accounts, it is important to use unique login credentials. This is because businesses, such as online retailers, are often targeted by hackers so that they can obtain their customer’s usernames and passwords. When they are successful, they often sell the login credentials on the darkweb leaving those usernames and passwords exposed. So if you use the same credentials to login to your organization’s network, the hacker can use the credentials stolen from the retailer to access your organization’s sensitive data.
5. Implement multi factor authentication (MFA)
Multi factor authentication (MFA) is another means of increasing healthcare security. MFA requires users to input multiple login credentials to access a platform. This can be a username and password in combination with security questions, one-time PIN, or biometrics. As stated above, hackers often post users’ stolen credentials for sale online. By using MFA, even if a hacker has access to a user’s username and password, they will be unable to access the platform.
6. Use passcodes on smart devices
Businesses often allow employees to access company information through their smartphones or tablets. Setting a passcode on your smart devices is essential to protecting private data. This way if your smart device is lost or stolen and security is compromised, sensitive patient data cannot be accessed. Although the default setting on many devices is a 4-6 digit PIN, you can increase your security by requiring Face ID, Touch ID, or custom alphanumeric codes.
7. Use multiple email addresses
Using multiple email addresses ties back to those stolen login credentials. You should never use your company email to register for accounts unrelated to work. It is also recommended that you have two separate personal email addresses. This way you can use one for bank and credit card communication, and a separate email to sign up for retail accounts. Using multiple email addresses decreases the likelihood of having your sensitive information exposed in a cyberattack.
8. Clear your cache
A cache is your browser’s way of tracking your search history and websites that you access. Your browser uses this data to recommend searches that they think you would be interested in based on your browsing history. This information is also used to serve you personalized ads. However, internet browsers often capture much more information than you would expect. This is why it is important to clear your cache every so often. This can be done in most browsers by pressing Ctrl+Shift+Del (for a PC) or command+Shift+Del (for a Mac). You can then select which patient data you would like to be cleared to protect your security.
9. Don’t save passwords in your browsers
This next tip is debatable. Some experts recommend saving your passwords in your internet browser, as some hackers track keystrokes. By saving your passwords in your browser, your keystrokes are minimized as is the likelihood that your keystrokes will lead to password exposure. This is more suited for personal use. However, when you have access to sensitive company patient data, some experts recommended using a third-party password manager for security. Using a password manager improves security as their business relies on password security so their protections are much more robust than the password manager in your browser.
10. Disable sharing of data with social media platforms
Again, tracking user data is troublesome for privacy and security. What many people fail to realize is that social media platforms gather a treasure trove of information on their user’s. However, you can disable this feature by restricting apps from sharing your data with third-parties.
11. Learn to recognize phishing attempts
Phishing attacks are another leading cause behind breaches. Phishing emails impersonate a trusted entity prompting users to click on a malicious link or attachment. Hackers use phishing emails to gain access to sensitive information, such as login credentials, so that they can steal or corrupt data. There are usually signs that an email is a phishing attempt, such as an email asking for personal information, spelling or grammatical errors, generic greetings, or an unsolicited email attachment. Another way to detect phishing is by hovering over the sender’s email address before opening the email. Emails coming from a legitimate company will have the company domain name in the email address. For instance an email coming from Microsoft’s support team would come from [email protected] NOT [email protected] NOT [email protected] etc.
12. Use smart pay
Traditional POS systems are outdated. Although not specifically related to healthcare security, using smart pay can protect you from identity theft. And when using a company credit card, smart pay ultimately protects your business. When using smart pay, a one-time authentication code is generated, preventing scammers from using your credit card.
