This is the third article in a three-part series on cybercrime. Phishing and malware, including ransomware, are of particular concern to your practice, because healthcare is the top target of cybercriminals.
The Healthcare Cybersecurity Communications Integration Center (HCCIC) offers the following advice5:
Back up data regularly, and use off-site servers for backup and storage.
Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Backups are critical in ransomware recovery and response; if infected, a backup may be the best way to recover critical data.
Restrict access behind firewalls and limit the number of users who can log in to remote desktop applications.
Train your staff to assist in detecting malicious software and make sure they know how to report such detections.
Conduct an annual vulnerability assessment.
Use strong/unique username and passwords with two-factor authentication (2FA).
Implement an account lockout policy to help thwart brute force attacks. Set a maximum number of attempts before locking out the account.
Taking these steps, along with having a HIPAA-compliant practice management and email exchange systems, will help prevent you from becoming the next victim of malware and phishing.
HIPAA-compliant email exchange system iCoreExchange is unable to be phished, is encrypted at the highest levels, and stores its data remotely. It’s available standalone, or as part of iCoreDental, an ONC-certified practice management EHR software.