October is National Cybersecurity Awareness Month

We are taking this opportunity to discuss how Cybersecurity relates to patients care by protecting their data.  Cyber-attacks have the potential to shut down care facilities, forcing them to resort to diverting patients, inability to access patient files to perform accurate care, putting patients’ care and data at risk. It is paramount that you stay vigilant in protecting your patient’s data, thus you must ensure that your staff is aware of the most recent and relevant cybersecurity best practices.

Importance of Risk Assessment & Analysis

Let’s start by discussing the importance of Risk Assessment & Analysis. This is probably the most important way to improve your organization’s cybersecurity posture.  Conducting regularly scheduled cybersecurity Risk Assessments helps to identify security problems, security gaps, and any system weaknesses. Furthermore, by performing these regularly, you establish a security baseline which can be used to compare against future assessment results.

With respect to overall cybersecurity, it has been our experience that most companies still fall short in 3 areas:

1. Backups – Provides the ability to recover quickly – so regular tests of backup and the ability to recover is a prime directive.
2. Multi-Factor Authentication (MFA) – goes beyond standard User ID and Passwords, MFA should be required because the use of USER ID and Passwords is no longer secure on their own. Dark web postings of passwords make company infiltration fairly common these days. Email, remote access, any access to sensitive files (LIKE HIPAA) and financial systems would be the minimum to cover with MFA.
3. Cyber Liability Insurance – the misunderstanding of who covers what during ransomware attacks or other breaches is a matter of the highest importance. If a company is breached and the business is not covered it could mean the end of the business. This is NOT just for compliance – it is a matter good Risk Management.

THA Security is a great partner in helping you address all aspects of Risk. In our next Blog post, we will go into more detail about Multi-Factor Authentication and it’s importance.