Connecticut-based healthcare group Starling Physicians has announced that their data was breached earlier this year. Three of their email accounts were compromised, involving the private data of patients, including names, addresses, dates of birth, passport numbers, Social Security numbers, medical information, and health insurance or billing information.
This is just the latest in a seemingly unending list of cybercrime events in the healthcare world:
All of this begs the question – do you have a process for healthcare data breach recovery in place? If not, why?
Your healthcare data breach recovery should incorporate the following protections in order to keep you safe from cybercrime (although this is not a complete list, just a starting point):
1. Anti-virus Software
Antivirus software is used in conjunction with a firewall to provide defense against malware, adware, and spyware. Each of these cybercriminal tactics has the potential to do immense damage to internal processes and a company’s reputation. The job of antivirus software is to spot, block, and isolate intrusive, malicious applications so they can’t do damage to your data and legitimate software. NOTE: Most experts are quickly coming to the conclusion the current methods the anti-virus companies are using is ineffective at stopping most modern Ransomware and breach’s providers are facing today so a layered security approach is required.
Your firewall is your primary line of defense for keeping your information safe if it comes from the outside world.
A firewall is a particular type of solution that maintains the security of your network. It blocks unauthorized users from gaining access to your data. Firewalls are deployed via a dedicated security appliance, software on the local computer/server, with today it is typically a combination of the two.
In layman’s terms, encrypted data is formatted with a key, like a secret code, that would be meaningless if intercepted. It is one of the most efficient ways to secure data like a database or files given that decryption can only occur through a key, which is essentially a “secret password”. In this case, there is a need for updated encryption software to ensure that private information is only accessible through the database program.
Encryption technology is a great way to protect important data. By making data unreadable to anyone who isn’t supposed to have access to it, you can secure files stored on your systems, servers, and mobile devices, as well as files sent via email or through file-sharing services.
Remember: Data should be encrypted at rest (meaning where it is stored) and during transit (as it is moving around).
Educate and test your staff on a regular basis to recognize phishing attempts, system irregularities, and odd behaviors. The staff is most likely the last line of defense before the attack strikes and when properly trained very effective at stopping the attack.
5. Data Backup (the Insurance)
Do you have a data backup policy in place? If so, does it follow the Backup Rule of 3-2-1 and has a data restore been tested?
If not, then you’re vulnerable, right now, to ransomware and this will be considered a practice ending event when it strikes.
Ransomware has quickly become one of the biggest cyber threats to businesses today – do you remember the recent Wanna Cry epidemic that infected hundreds of thousands of IT systems in more 150 countries (including most of the medical systems in the UK)?
That was ransomware, and it could happen to you too. Unless that is, you get a proper data backup solution put in place.
If you have you have a proper and tested data backup solution, then it doesn’t matter if your data has been encrypted. You can just replace it with your backup, simple as that.
That’s why you should make a considerable investment in a comprehensive backup data recovery solution so that you can restore your data at a moment’s notice when necessary.
Be sure to:
Like this article? Check out the following blogs to learn more: