Recently there was some coverage about a LA hospital that had to pay a ransom in bitcoins to get access to their computer systems again. Putting aside the moral implications of holding a medical facility to ransom, I want to touch upon the technical aspects of what a well organized and protected network should be doing to prevent these kinds of costly attacks.
Firewall: Can you buy a firewall from BestBuy for $60 and protect your network? Absolutely, but would you really trust your patient records and your business to a $60 off-the-shelf device?
What your medical practice really needs is a security appliance that includes a security suite such as virus scanning and features like Reputation Enabled Defense. With RED in place your employees will be prevented from unwittingly going to a malicious website and infecting their computer.
Desktop Security Services: Having stand-alone anti-virus software running on your desktops just isn’t enough. If it’s unmonitored you won’t know when it gets disabled, expires, or otherwise stops working. If you have an IT vendor that you are paying for managed IT services, you should have a managed anti-virus solution in place that includes monitoring the status of each installation so that problems are caught when they happen.
Windows Patching: Microsoft releases updates every week; if a computer has gone unpatched for a while you can easily see over 100 patches waiting to be installed. Your computers should be monitored weekly to make sure they are updated, and this is especially true of laptops. A laptop often requires special attention to get patches installed since it’s not on all the time.
Disk Encryption: If you are a doctor with a laptop and you keep patient records on that laptop, you must encrypt the hard drive in case it falls into the wrong hands. With encryption in place, if your laptop is lost or stolen another party can’t retrieve the data from it. If you aren’t using encryption you would be out of compliance in a HIPAA audit and would be putting your patients and your business at risk.
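The three monitoring points above (anti-virus status, patch age, and disk encryption) can be checked on each Windows machine with a short script. The following is an added example written for this post, not a tool from any vendor mentioned here; it assumes Windows 10/11 Pro with Microsoft Defender and BitLocker, an elevated PowerShell session, and the 7-day signature and 30-day patch thresholds are assumed values you would adjust to your own policy.

```powershell
# Added example: weekly endpoint health check for a small practice.
# Assumes Windows 10/11 Pro with Microsoft Defender and BitLocker, run as Administrator.
# The 7-day and 30-day thresholds are assumed values; adjust them to your policy.

$findings = @()

# 1. Anti-virus: confirm Defender is enabled and its signatures are current.
$av = Get-MpComputerStatus
if (-not $av.AntivirusEnabled)          { $findings += 'Antivirus is disabled' }
if (-not $av.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
if ($av.AntivirusSignatureAge -gt 7)    { $findings += "Signatures are $($av.AntivirusSignatureAge) days old" }

# 2. Windows patching: find the most recent installed hotfix and flag stale machines
#    (laptops that are rarely powered on show up here).
$lastPatch = Get-HotFix | Where-Object InstalledOn |
             Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastPatch -or $lastPatch.InstalledOn -lt (Get-Date).AddDays(-30)) {
    $findings += "No patches installed in the last 30 days (last: $($lastPatch.InstalledOn))"
}

# 3. Disk encryption: every OS and data volume must have BitLocker protection on.
foreach ($vol in Get-BitLockerVolume) {
    if ($vol.VolumeType -in 'OperatingSystem', 'Data' -and $vol.ProtectionStatus -ne 'On') {
        $findings += "BitLocker protection is $($vol.ProtectionStatus) on $($vol.MountPoint)"
    }
}

# Report with a non-zero exit code so a scheduled task or RMM agent can flag the machine.
if ($findings.Count -eq 0) {
    Write-Output "$env:COMPUTERNAME OK: AV active, patched within 30 days, volumes encrypted"
    exit 0
}
$findings | ForEach-Object { Write-Output "$env:COMPUTERNAME WARN: $_" }
exit 1
```

Run it from a weekly scheduled task and collect the output centrally; a machine that exits 1 is the one that needs a technician before it becomes the next ransomware story.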
There are many other tech items to consider, but I have only mentioned a few of them. Even following just the above points will reduce the risk of your computers becoming compromised, which in turn minimizes the risk that most medical practices face every day.
If you are a small medical practice in New York or Long Island and want to find out how an IT service can help you be HIPAA compliant, please contact us for a free consultation.