If you’re particular about following HIPAA compliance, you may think your skilled nursing facility is protected from a hack. The truth is that healthcare organizations need to follow today’s cyber security best practices in addition to their HIPAA practices to protect their employee and patient data from being hacked.
If you’re worried your confidential files are at risk, use this three-point checklist to determine how you can tighten up your skilled nursing facility’s cyber security.
1. Do you require employees to change their passwords?
One simple way to boost security in your skilled nursing facility is to require staff, and anyone else who has potential access to resident, staff or confidential data, to change their passwords at least once a year.
If you’re not keeping up on password changes, you could be leaving your healthcare organization open to a cyber-attack. That’s because hackers sometimes gain access to passwords through the dark net, stealthy phishing scams, or even guessing.
While it’s important to require password changes every so often, you’ll also want to ensure that staff and others with access to confidential data are creating secure passcodes. Most people know that passwords such as “Password1” or “Dog21” are not going to cut it today. In fact, if you check this website, you’ll see that these passwords can be hacked by a malicious user within a matter of seconds.
This may be a surprise, but the most secure passwords are long-tail phrases. Instead of using a password like “T4co!” it’s recommended that you opt for a longer phrase such as “ItsTacoTuesday!” to be even more secure.
Your password is the key to the kingdom. If it falls into the wrong hands, you could end up with a cyber disaster. That’s why it’s so important to require changes and use password best practices.
2. Are your employees up to date on cyber security best practices?
Treat your employees like they’re a cyber security risk. Why? Because they are.
The biggest threat to your organization’s cyber security is your beloved employees. It’s not necessarily because they’re looking to harm you, although some can have malicious intent. Most of the time, they just don’t know that what they’re clicking on is putting your skilled nursing facility at risk.
If you’re not up to speed on the latest cyber security standards, you might be unaware that most phishing emails do not have subject lines that look like “FrEE PIZZA. Add PAPA JOHNS Login to REDEEM!” They’re more likely to imitate credible organizations like Amazon and ask for a “password reset.” Once you’ve supplied your Amazon password, they can hack into your account and get access to your personal information.
You or your staff may not know that phishing emails can imitate legitimate emails, mimicking organizations like Amazon or Microsoft asking for a password reset. If you don’t think twice before supplying your credentials, you are giving a hacker access to highly confidential information.
3. Are you updating your software regularly?
Are you one of those people who sees a software update notification and keeps pushing it off until later, or never? Does your staff?
This behavior pattern can be more damaging than you would expect. Software companies, like PointClickCare, are constantly watching and testing their software for security vulnerabilities. Once they spot a major concern, they develop a security “patch” and release it to users in the form of a simple software update in the cloud, seamless to the end user. Once malware authors find out about those vulnerabilities, they’ll develop threats that target the software’s users. If you haven’t updated your software yet, you could be the victim of a devastating hack.
To stay on top of your software updates, set a recurring quarterly calendar appointment to check your software for updates. Or, if you have the IT personnel available, designate someone to take care of software updates so you can remain protected. If your staff is stretched too thin to manage your essential maintenance tasks, it may be time to consider managed services.
Another maintenance task that needs to be taken care of is auditing your list of authorized users on essential software. If your security software is set up to alert the wrong person in the event of a cyber-attack, you’re not going to know when someone has hacked into your network until it’s too late.
Every six months to a year, you should take a quick inventory of all the people authorized on your security software and ensure that the correct people are in control and will be notified in case of a disaster.
There are lots of easy best practices your skilled nursing facility can adopt to prevent a cyberattack. If you’re ready to learn, contact our team here or call us at 410.685.5512.