Medical Data Under Attack! It’s no longer if, but when (part 1)
As has been well documented, health information is very valuable on the dark web, up to twenty times more valuable than even financial information. That is no surprise: much of your financial information can be changed (banks, account numbers, etc.), but much of your health information cannot (blood type, medical conditions, etc.). It is therefore becoming increasingly clear that if you work in healthcare, the likelihood that your data will be attacked is very high. If you know that this attack is coming, what can you do, and where should you start?
Here are two simple steps that close off some of the easier paths an outsider could take to your data. First, make sure you have a proper firewall installed and that it is configured to prevent unauthorized access from outside your network. Most modern routers have built-in firewalls; just verify that yours is enabled. Second, confirm that your practice Wi-Fi is separated from your patient Wi-Fi. Sharing one network between the two is one of the most common configuration mistakes we run into, and it is by far the most dangerous. Most of the better Wi-Fi systems include a pre-configured “Guest” network that prevents access to local network resources. Be sure that it is enabled. If yours does not have this, it may be a good time for an upgrade.
We know of a practice that had a placard with the Wi-Fi name and password placed in the lobby, facing the outside window. This practice used the same Wi-Fi for its staff and its guests. To make matters worse, it had a server in the office that hosted its medical record software and other patient files. It would have been so easy for a hacker to look through the office windows and then sit in their car in the parking lot gathering whatever data they wanted. A future posting will cover how to help staff practice safe computing.
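The guest/practice separation described above can be verified from a laptop joined to the patient Wi-Fi; the following is an added example, not part of the original post. It flags any practice system that shares the guest device's subnet or accepts a TCP connection from it. The addresses, ports and function names are assumptions made for illustration.

```python
import ipaddress
import socket


def same_subnet(guest_iface, resource_ip):
    """True if resource_ip sits inside the guest client's own subnet."""
    network = ipaddress.ip_interface(guest_iface).network
    return ipaddress.ip_address(resource_ip) in network


def tcp_reachable(host, port, timeout=2.0):
    """True if a TCP connection to host:port succeeds within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def audit_guest_isolation(guest_iface, resources, probe=tcp_reachable):
    """Return a finding for every practice resource the guest side can see."""
    findings = []
    for name, ip, port in resources:
        shared = same_subnet(guest_iface, ip)
        reachable = probe(ip, port)
        if shared or reachable:
            findings.append(
                {"resource": name, "same_subnet": shared, "reachable": reachable}
            )
    return findings


if __name__ == "__main__":
    # Constructed sample values: replace with the address your device received
    # on the guest Wi-Fi and the practice systems that must stay private.
    GUEST_IFACE = "192.168.50.23/24"
    PRACTICE_RESOURCES = [
        ("records server file share", "192.168.1.10", 445),
        ("records server remote desktop", "192.168.1.10", 3389),
    ]
    results = audit_guest_isolation(GUEST_IFACE, PRACTICE_RESOURCES)
    for finding in results:
        print("NOT ISOLATED:", finding)
    if not results:
        print("Guest network cannot reach the listed practice resources.")
```

An empty result only covers the systems and ports listed, so include every server, printer and workstation that holds patient data.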
Contact the Security professionals at Compunet to make sure your practice is defensibly compliant and secure. We offer our clients a full Security Suite and 24/7 monitoring of their infrastructure to ensure their networks are properly secured. As a part of our All in One HIPAA Solution, we offer a free risk analysis. Check out our quick quiz to see if your practice is compliant!
For more information go to our website: www.hipaasecuritypros.com