Earlier this year, the Identity Theft Resource Center announced that the United States had a total of 1,093 reported data breaches in 2016, which was an increase of 40 percent from the previous year.
Nearly one-third of these events, 377 incidents, occurred in the healthcare/medical industry. If you think these numbers are small, think again. Many incidents involved large healthcare/medical databases: 84 percent of the reported breaches impacted more than 500 people per incident. How can you secure your medical website?
Think Beyond HIPAA Compliance
Although it’s true that HIPAA compliance means that your website must meet stringent encryption, access, backup and other security requirements, measures that follow HIPAA’s guidelines can fail to prevent some breach scenarios. For example, an employee might wirelessly connect to one of your systems a personal mobile device that installs a never-before-seen malicious program designed to mine data or eavesdrop. Make certain that your anti-virus and firewall programs automatically update throughout the day. Also, register your website with search engines since they have tools that can help you improve your security and alert you to website hacks.
Protect Offline and Online Access Points
The primary method for protecting access points is to limit access to systems at the administration level to a few trusted people. More importantly, since so many instances of hacking happen because of cracked passwords, set up your website with multi-factor authentication. For example, you might require patients to use sign-in tokens in addition to passwords and send them automatic warnings to change their passwords if attempts to access their accounts are made from unrecognized geographic locations or browsers.
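The sign-in rule described above can be sketched as follows. This is an added example, not code from the original article: the field names and sample events are constructed, the country is assumed to come from an upstream geo-IP lookup, and the first successful sign-in is assumed to enroll an account's baseline.

```python
from collections import defaultdict

# Constructed sample sign-in attempts (not real data). Field names are
# hypothetical; "country" is assumed to come from an upstream geo-IP lookup.
EVENTS = [
    {"account": "patient-1001", "country": "US", "browser": "Firefox", "password_ok": True, "token_ok": True},
    {"account": "patient-1001", "country": "US", "browser": "Firefox", "password_ok": True, "token_ok": True},
    {"account": "patient-1001", "country": "RO", "browser": "Firefox", "password_ok": True, "token_ok": False},
    {"account": "patient-1001", "country": "US", "browser": "Chrome", "password_ok": True, "token_ok": True},
    {"account": "patient-1001", "country": "US", "browser": "Chrome", "password_ok": True, "token_ok": True},
    {"account": "patient-2002", "country": "CA", "browser": "Safari", "password_ok": True, "token_ok": False},
]


def review_signins(events):
    """Return (decisions, warnings) for a chronological list of attempts."""
    known = defaultdict(lambda: {"country": set(), "browser": set()})
    decisions, warnings = [], []
    for ev in events:
        profile = known[ev["account"]]
        # Multi-factor rule: the password alone never grants access.
        allowed = ev["password_ok"] and ev["token_ok"]
        # Assumption: with no baseline yet, the first successful sign-in
        # enrolls the account instead of raising a warning.
        has_baseline = bool(profile["country"])
        reasons = [
            f"unrecognized {field}: {ev[field]}"
            for field in ("country", "browser")
            if has_baseline and ev[field] not in profile[field]
        ]
        if reasons:
            # Warn on every unrecognized attempt, successful or not.
            warnings.append({"account": ev["account"], "allowed": allowed, "reasons": reasons})
        if allowed:
            # Learn only from fully authenticated sign-ins so that a failed
            # attempt cannot add its own location to the baseline.
            for field in ("country", "browser"):
                profile[field].add(ev[field])
        decisions.append(allowed)
    return decisions, warnings


if __name__ == "__main__":
    decisions, warnings = review_signins(EVENTS)
    for w in warnings:
        print(f"warn {w['account']}: {', '.join(w['reasons'])} (allowed={w['allowed']})")
```

Each warning would feed the automatic "change your password" message; the baseline here lives in memory only and would need to be stored per account in a real site.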
Teach Employees about the Consequences of Risky Behaviors
Distribute and discuss at length rules about the types of behaviors that can spread malware, such as downloading a cute picture from Facebook to use as a desktop screensaver, playing online games on networked computers or leaving login and password details in accessible places at work and home or on mobile devices. Explain in detail the damaging results of any negligence in terms of your brand reputation, patient privacy, financial losses and the negligent employee’s future employment.
Educate Patients about Preventative Measures
Patients often make security mistakes like choosing simple passwords and forgetting to log out of their accounts. Ask your patients to partner with you. For example, you might provide them with a laminated wallet card that reminds them of online security dangers that many people forget, such as accessing a private account over unsecured public or private Wi-Fi or failing to scan personal devices daily for malware.
What is at stake if your security fails?
Hackers can use patient data to create fake identities and breach personal financial, email and social network accounts. They might also publicly release private health details that result in discrimination at home, school or work or when applying for financial assistance like medical aid, mortgages and car loans. Do all you can to secure your website. Look for tips from sources like Dr. Leonardo for more help on keeping your patients’ information secure.