Protecting patient data requires you to pay attention to access control, social media posts, and physical security.
Here, we focus on access control, and how ransomware can compromise your patients’ PHI and literally shut down your office.
What Is Ransomware? And What Does It Do?
Ransomware is a common method of breaching physical security from the outside in. It’s computer malware that installs without a trace on devices. Ransomware holds your data hostage, or mounts a cyberattack that threatens to publish data (such as patient data), unless a ransom is paid. It may lock your system and display a message demanding payment. Some will encrypt files (like your patient files), making them inaccessible.
Paying a ransom is no guarantee that the hacker will give you the correct code.
How Does It Work?
Ransomware attacks are typically carried out using a legitimate-looking file. This is why you and your staff should use extreme caution when opening an email attachment or clicking a link. Even authentic-looking emails or links can lead to ransomware.
How Can I Protect My Office?
Recent backups are often the only real protection against ransomware. That’s why many offices are moving to an online backup solution.
Proper access control techniques can stop hackers in their tracks. However, access control typically relies on passwords, and many people select only 1 or 2 passwords for use with all their accounts. Once your password is stolen from one relatively inconsequential site, hackers may be able to use that same password to access data from other sites. If you’ve used the same password to secure your bank account, you’ve effectively provided access to your financial information. Use different passwords for every site you access.
Additionally, use 2-factor authentication, where an additional credential, aside from username and password, is added to the login process.
This HIPAA tip is provided by Smart Training. Smart Training helps practices fulfill compliance requirements quickly and easily, with the help of Smart Training’s OSHA compliance advisors and certified HIPAA professionals.