Protecting patient data requires that you pay attention to:
- Social media posts
- Access control
- Physical security
The average dental office worker is unaware that social media postings can be used to breach patient privacy from the inside out. We’ll tackle that topic, as well as physical security of patient data, in more detail over the next few days.
Let’s move down the list to access control. Ransomware is a common method of breaching physical security from the outside in. Ransomware is computer malware that installs without a trace on office devices. Ransomware holds your data hostage or mounts a cyberattack that threatens to publish patient data unless a ransom is paid.
Ransomware attacks are typically carried out using a legitimate-looking file. This is why you and your staff should use extreme caution when opening an email attachment or clicking a link. Even authentic-looking emails or links can lead to ransomware.
Ransomware may lock your system and display a message demanding payment. Some ransomware will encrypt patient files, making them inaccessible. Paying a ransom is no guarantee the hacker will give you the correct code. Recent backups are often the only real protection against ransomware. That’s why many offices are moving to an online backup solution.
Proper access control techniques can stop hackers in their tracks. However, access control typically relies on passwords, and many people select only 1 or 2 passwords for use with all their accounts. Once your password is stolen from one relatively inconsequential site, hackers may be able to use that same password to access data from other sites. If you’ve used the same password to secure your bank account, you’ve effectively provided access to your financial information.
Use different passwords for every site you access. Additionally, use 3-factor authentication, where the site sends your cellphone a code that you must enter as well.
Looking for help with your HIPAA compliance? Click here to discover Smart Training's industry leading compliance services.