Physicians typically have access to sensitive personal information on large numbers of patients, which makes their devices prime targets for hackers looking to steal that information, writes Paul Cerrato in Medscape.
News that a hacker acquired personal information on nearly 10 million patients and put it up for sale online indicates a worrisome shift from ransomware attacks on hospitals targeting access to personal information, as our sister publication, FierceHealthIT, recently reported. Doctors with lax information security practices expose themselves to Health Insurance Portability and Accountability Act violations and large fines, in addition to putting their patients’ information at risk, Cerrato says.
Doctors can protect sensitive patient information, as well as their own reputations, by sticking to some common-sense guidelines.
- Encrypt laptops and other devices so that the information on them will be unintelligible to anybody who steals them. Without an encryption key, data on an encrypted device will be “gibberish,” according to Cerrato. He recommends looking for built-in encryption programs available on most modern operating systems if you don’t have the budget to spring for an enterprise-grade solution.
- Don’t let convenience trump good security. No amount of encryption will keep a hacker out of your files if you use weak or easy-to-guess passwords, says Cerrato. It’s also important to keep anti-virus programs up to date so that they catch the latest threats, he says, and to install system updates regularly to ensure your operating system is protected from known exploits.
- Practice safe surfing. Cerrato emphasizes the importance of understanding and recognizing phishing scams, where hackers send emails with links or attachments that trick users into giving them access to their information, either by providing their credentials to a bogus web site or by executing malicious software on their machine. Since these can spread easily among coworkers, Cerrato recommends professional security training to get all staff members up to speed on this threat.
- here’s the article