Distinguishing Good Practice from Bad in Healthcare Security
For all his vast, scientific insight, Albert Einstein is known to have remarked:
“Only a life lived for others is worthwhile.”
If you think about it, the “worthwhile” part is clear: sacrificial care of others will leave a definite mark for good (remember The Velveteen Rabbit?); a lack of it, for ill.
You can see this in any organization, be it healthcare or your own family:
Good Practice: Thoughtfulness, sacrificial kindness, genuine respect for others.
Usual Impact: Greater harmony and mutual appreciation, with less energy-sapping conflict.
Bad Practice: Constant fault-finding and blame-shifting; a general critical spirit.
Usual Impact: Annoyance and avoidance, less collaboration, and typically less productivity. (Studies on conflict bear this out. The average employee spends at least 2 hours/week dealing with office-related conflict).
It’s pretty clear, isn’t it? One set of choices tends to promote flourishing; the others are sure to ratchet up stress and ruin relationships. (Kindness when you don’t feel it – or think another deserves it – is called grace, something we all need).
What about Healthcare Data?
When it comes to good and bad practices for securing your healthcare data, sometimes they’re not so self-evident. We need frequent reminders.
The Cybersecurity and Infrastructure Security Agency (CISA) thinks so too; that’s why in their recent Bad Practices catalog for organizations, they highlight the following 3 practices sure to invite trouble for healthcare data:
1. Use of unsupported (or end-of-life) software… especially egregious in technologies accessible from the Internet.
When support for a software version is withdrawn, security patches are no longer issued for vulnerabilities. “Holes” are left that may easily be exploited by hackers looking to gain access to your internal systems and networks.
2. Use of known/fixed/default passwords and credentials.
Default passwords from manufacturers are standard; the problem is, they’re also well-known by hackers. Unless these credentials and passwords are changed, data breaches are much more likely to occur.
3. The use of single-factor authentication for remote or administrative access to systems.
Single-factor authentication involves the standard username/password combination to protect your account. However, this is no longer an adequate means to protect your account, as brute force attempts by hackers can often crack these credentials.
The use of multi-factor authentication, however, which requires an additional authentication factor such as a one-time, generated code sent to your personal smartphone, can provide significant added protection.
In fact, studies have shown that multi-factor authentication is “effective at blocking 100% of automated bot attacks, 99% of bulk phishing attacks, and 66% of targeted attacks,” as noted in the HIPAA Journal.
With HIPAA Vault’s fully-managed cloud services, you can avoid these bad practices that can open the door to a host of negative impacts: breaches, HIPAA violations and fines, potential lawsuits, and loss of business reputation.
In contrast, not only will you enjoy the most up-to-date software and patching, password management, and two-factor authentication, but a host of additional “layers” of security (see our full list of managed services here.)
All of our fully managed solutions, like Secure Linux and Windows hosting, HIPAA compliant WordPress, secure FTP server, and secure Email, were designed by cloud experts with extensive cybersecurity and HIPAA expertise (ie, good practices).
If you have any questions on HIPAA Vault’s secure data practices, proven solutions, or any of the services we provide, please contact us! 760-290-3460.
Trust HIPAA Vault to provide the safe communications & positive patient experiences that you expect! All our solutions are designed to protect you from costly HIPAA violations and fines, and data breaches that can ruin your business reputation. Our fully-managed security is designed to limit your liability and bring peace of mind!
