Attackers target businesses of all sizes, but small businesses and practices account for roughly 70% of the data breaches caused by cyberattacks. Patient information is highly valuable, and small practices usually have far fewer cybersecurity protections in place than large organizations do.
Strengthen the human element
Training employees is one of the best defenses against privacy and security incidents. An IBM study found that human error is a factor in 95% of data breaches. Whether it is sending the wrong patient's information, losing a laptop, or clicking a link in a phishing email, the human element is the most unpredictable part of your defenses. Train staff when they are hired and at least annually afterward, and make it easy for them to report a suspicious email without fear of blame.
Reduce cybersecurity exposure
Limit or eliminate access to social media and personal email accounts on business servers and workstations. A social media error cost a small dental practice more than $10,000 just this month. Add the associated costs and a two-year corrective action plan, and the total keeps rising.
Practice safe email habits
Email remains the most common and easiest path of attack. Ransomware is increasingly common, and small healthcare organizations are an easy target. It typically arrives in a phishing email: a message that looks legitimate but carries a malicious attachment, such as a Microsoft Word document that asks the user to enable macros or a booby-trapped PDF, or a link that leads to downloading an infected file. Once the attachment is opened, the malware encrypts the data on that workstation and then encrypts any network shares and other machines it can reach. Two habits stop most of it: never enable macros or "content" in a document you were not expecting, and confirm unexpected invoices, records requests, or password-reset notices by phone before opening them.
Enforce password standards
Long passphrases are better than short "complex" passwords; length matters more than symbol requirements. Forcing a change every 60-90 days is no longer recommended (NIST SP 800-63B dropped the periodic-rotation requirement), because routine rotation pushes people toward predictable variations of the same password. Instead, change a password promptly whenever it may have been exposed, use a different password for every system, screen new passwords against lists of commonly used or breached passwords, and turn on multi-factor authentication wherever the EHR, email, or remote access supports it. Never write passwords down where they can be seen or taken; a password manager is the safer place to keep them.
Keep an eye on activity
Regularly review which employees and contractors have access to systems that contain PHI and other business-sensitive information, and what they actually do with that access. Grant only the minimum access each job requires, and remove access the same day someone leaves or a contract ends. Least privilege reduces both the temptation and the opportunity to snoop on or steal patient data, and the HIPAA audit-controls standard expects you to be able to review that activity after the fact.
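The kind of review described above can be scripted once you can export an audit log from the EHR or practice-management system. The following is an added example, not code from the original article or from any particular product: the log format, roles, permissions, staff roster, and appointment list are all constructed for the demo, and a real export will need its own parser. It flags four things an access review looks for: accounts that are no longer on the active roster, actions a role should not need, activity outside business hours, and clinical-record access for a patient who had no appointment that day (the usual sign of snooping).

```python
"""Access review over EHR-style audit log lines.

Added example (not from the original article or any vendor). Every
constant below is an assumption for the demo, not a real product's schema.
"""
from datetime import datetime, time

# Least-privilege map: the actions each role needs for its job (assumption).
ROLE_PERMISSIONS = {
    "front_desk": {"view_demographics", "schedule"},
    "dentist": {"view_demographics", "view_chart", "update_chart"},
    "hygienist": {"view_demographics", "view_chart"},
    "billing": {"view_demographics", "view_claims"},
    "it_contractor": set(),  # infrastructure work only; no PHI in the application
}
CLINICAL_ACTIONS = {"view_chart", "update_chart", "export_chart"}
# Current staff roster; anyone else appearing in the log is a departed or unknown account.
ACTIVE_USERS = {"jlee", "drpatel", "mwong", "rgarcia"}
BUSINESS_HOURS = (time(7, 30), time(18, 30))
# Constructed schedule: (date, patient_id) pairs that had an appointment.
APPOINTMENTS = {("2024-03-04", "P1001"), ("2024-03-04", "P1002"), ("2024-03-04", "P1003")}

# Constructed sample log: timestamp,user,role,patient_id,action
SAMPLE_LOG = """\
2024-03-04T09:12:03,jlee,front_desk,P1001,view_demographics
2024-03-04T09:20:11,drpatel,dentist,P1001,view_chart
2024-03-04T09:25:30,drpatel,dentist,P1001,update_chart
2024-03-04T10:02:00,mwong,billing,P1003,view_claims
2024-03-04T10:05:00,mwong,billing,P1003,view_chart
2024-03-04T12:30:00,rgarcia,hygienist,P1002,view_chart
2024-03-04T13:45:00,rgarcia,hygienist,P2077,view_chart
2024-03-04T23:41:08,tcontract,it_contractor,P1001,export_chart
"""


def parse_line(line):
    """Split one CSV-style audit line into a dict with a parsed timestamp."""
    ts, user, role, patient, action = line.strip().split(",")
    return {"ts": datetime.fromisoformat(ts), "user": user, "role": role,
            "patient": patient, "action": action}


def review_access(log_text, appointments=APPOINTMENTS, active_users=ACTIVE_USERS):
    """Return one finding per log event that trips at least one review rule."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = parse_line(line)
        reasons = []
        if ev["user"] not in active_users:
            reasons.append("account not on active roster")
        if ev["action"] not in ROLE_PERMISSIONS.get(ev["role"], set()):
            reasons.append(f"action {ev['action']} not permitted for role {ev['role']}")
        if not (BUSINESS_HOURS[0] <= ev["ts"].time() <= BUSINESS_HOURS[1]):
            reasons.append("outside business hours")
        day = ev["ts"].date().isoformat()
        if ev["action"] in CLINICAL_ACTIONS and (day, ev["patient"]) not in appointments:
            reasons.append("clinical access with no appointment that day")
        if reasons:
            findings.append({"user": ev["user"], "patient": ev["patient"],
                             "action": ev["action"], "when": ev["ts"].isoformat(),
                             "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in review_access(SAMPLE_LOG):
        print(f"{f['when']} {f['user']:10} {f['action']:18} {f['patient']}: "
              + "; ".join(f["reasons"]))
```

On the sample data this reports three events: the billing user opening a chart, the hygienist opening a chart for a patient with no appointment, and a contractor account that is no longer on the roster exporting a chart at night. The appointment check produces false positives (phone consults, referrals), so treat its output as a list to ask about, not proof of wrongdoing; the roster and role checks should be near zero on a well-run system, and every hit there is a real access-control gap to close.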
Ensure your devices and server are encrypted
Full-disk encryption protects data at rest on desktops, laptops, phones, and even USB drives. Under HHS guidance, PHI that is encrypted in line with NIST standards is not "unsecured PHI", so the loss or theft of a properly encrypted device that was powered off or locked generally does not have to be treated as a reportable breach. Verify that encryption is actually turned on rather than assuming it: on Windows, run manage-bde -status or Get-BitLockerVolume in PowerShell; on a Mac, run fdesetup status. Keep the recovery keys somewhere other than the device itself.
Back up your data and have a contingency plan in place
Nobody likes to think about it, but you need a tested way to recover your data and return to normal operation after a ransomware attack, a hardware failure, or a disaster. The HIPAA Security Rule requires a contingency plan, including a data backup plan and a disaster recovery plan. Keep at least one backup copy that cannot be altered from the network (offline, or on storage the workstations cannot write to), because ransomware will encrypt any backup it can reach, and practice a restore regularly. A backup you have never restored is an assumption, not a plan.
Keep track of evolving security risks
HIPAA requires a security risk analysis, and it is recommended that one be done at least annually and again after any major change, such as a new EHR, a new location, or a new vendor with access to PHI. It is the best way to make sure a weakness that could lead to a data breach isn't overlooked.