Gerry Blass, President & CEO, ComplyAssistant
Jason Tahaney, Director of Technology, Community Options
ComplyAssistant’s President and CEO Gerry Blass and Community Options’ Director of Technology Jason Tahaney recently authored an article in HCCA’s Compliance Today magazine titled “How Simplifying your IT Environment can Bolster Security.” The article provided important tips and best practices for CIOs to keep in mind. As the present-day healthcare cybersecurity environment continues to be ravaged by hackers and scammers, this article serves as a reminder that sometimes the best tools for mitigating risk are in your own backyard.
Building Stronger Healthcare Cybersecurity in your Organization
Some of the major takeaways from this article include:
- Discover new ways to simplify your organization’s cybersecurity infrastructure
- Learn about the biggest IT security risks organizations face today and how to mitigate them
- Define barriers that organizations face when it comes to risk and simple solutions to effectively combat them
- Receive guidance for ensuring that everyone within the organization adheres to cybersecurity best practices, not just the IT folks
- Get steps your HIM team can take to ensure your organization’s IT environment is as safe as possible from risk
There’s no doubt that the current healthcare technology landscape has been stressful, especially for those in IT. The article aims to debunk the myth that healthcare cybersecurity should solely fall on the shoulders of HIM professionals, but rather everyone in the organization should be held accountable for making sure the organization is safe and secure. A Pew Research Center poll found that 71% of workers are doing their job from home all or most of the time. With this many workers online, it’s no wonder it’s become so easy for bad actors to take advantage of threats like phishing or malware.
Switching to a Cloud-Based Infrastructure
One of the starting points Tahaney and Blass recommended for organizations looking to bolster their environment is through switching to a cloud-based infrastructure. As the article indicates, a cloud-first solution (as opposed to on-premises) leads to the savings of countless resources, including time, money, and disaster recovery. Furthermore, there are many cloud solutions out there today that are compliant with HIPAA and various other frameworks that seek to protect patients’ valuable information. The risk of PHI being exposed via the cloud is less likely to occur than it would on a locally based IT system.
Another suggestion Tahaney and Blass shared is for organizations to use their corporate logos on email authentication screens and other IT system login screens. One of the easiest ways for a hacker to steal information is through email, and this is a great way to enforce an added layer of security. Microsoft 365 has great solutions for enforcing strategic checkpoints as opposed to a generic sign-in that can help with this.
Common Healthcare Cybersecurity Threats
Lastly, Tahaney and Blass outlined some of the common threats as identified by the U.S. Department of Health and Human Services in partnership with the Section 405(d) Task Group, which include:
- Email phishing
- Ransomware attack
- Loss or theft of equipment or data
- Insider, accidental or intentional data loss
- Attacks against connected medical devices that may affect patient safety
They concluded with tips that HIM teams of any size or scope could apply to combat these before they occur. Read the full article here.