Appears In
Ensuring the security, privacy, and protection of patients’ health care data is critical for all health care personnel. Good medical records are essential for the continuity of care for patients. But with this type of data retention comes risk. The health care industry continues to see a steady increase in breaches. In 2020, 79 percent of all reported data breaches were in the health care sector. Here are some cybersecurity and privacy tips from the United States Department of Health and Human Services:
Establish a Security Culture
95 percent of security breaches occur due to human error. It is imperative that education and training are frequent and ongoing. VA requires all personnel complete applicable VA and VHA-required privacy training at the time of employment, annually and when updated training is required.
Beware of Phishing
Phishing is the fraudulent practice of contacting people via email, text, or phone to obtain personal information such as passwords, Protected Health Information (PHI), Personally Identifiable Information (PII) and financial information. Immediately report any Phishing attempts to the Cybersecurity and Infrastructure Security Agency.
Use Strong Passwords and Change Them Regularly
Strong passwords will offer the greatest protection. You should use at least eight characters (the longer, the better), a combination of upper and lowercase letters with a number and at least one special character. This will help prevent hackers from manually guessing or using applications to hack your passwords. Use multi-factor authentication whenever possible.
Plan for the Unexpected
Create backups and store them in a secure location. Having backups will give you the upper hand in a ransomware situation, as you’ll be able to recover your data and restore your system quickly in the event of an intrusion.
Control Access to PHI
Not everyone needs access to private information. There are key pieces of information that immediately allow bad actors to target an individual. Still, cybercriminals can piece together less significant information to achieve the same goal. Use access control lists to allow access to those who need it and be aware of your user permissions.