Medical Data Under Attack! (Part 2)

Medical Data Under Attack! (Part 2)

It’s no longer if, but when. As mentioned in a previous post the value of health information on the dark web is very high, up to twenty times more valuable than even financial information. That’s why many security professionals believe that the odds are high that your data will be targeted at some point. In that post we discussed two simple ways to make it more difficult for an outsider to access your data; a proper firewall and to separate your patient Wi-Fi from the practice Wi-Fi.

This post will cover the basics of safe computing, most of these ideas will not cost money to implement and only require a few process changes. The first step is to ensure that all users have unique usernames and complex passwords. Not only are these best practices, they are required to be HIPAA compliant. There are methods to creating complex passwords that are easy to remember. One option is to create a common complex password core (six to eight characters including punctuation marks) and append to that core for various applications. For example, if my password core was One23$ I would use hEOne23$ for my home Email account and wEOne23$ for my work email.

Learn to use the Windows + L key combination to lock your computer when you step away. Be sure to install the latest security patches, for Windows these are usually released on Tuesdays. Verify that the monitors in your office do not face common areas where passing patients could see the screen. Make sure you have a printed Safe Computing Policy and that employees regularly review it. Likewise, have a clear Mobile Device Policy. For most practices this can be as simple as restricting mobile device use to the lunchroom or lobby and expressly banning them in treatment rooms. As with most things, a little bit of prevention can go a long way to reducing risk.

Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As a part of our All in One HIPAA Solution, we offer a free risk analysis. Check out our quick quiz to see if your practice is compliant!

For more information go to our website:

May 21, 2018 HIPAA Blogs
About admin

Leave a Reply

Your email address will not be published. Required fields are marked *