6 Practical Steps to be More Secure

By: Nick VanGilder and Will Enochs on Jan 28, 2019 8:15:00 AM

There isn’t a single solution on the market that is capable of ensuring absolute data security for every scenario a healthcare organization faces.

The solution always has been (and will continue to be) a defense-in-depth model that is based on the requirements of the law, the threats facing the business, and the organization's risk appetite.

It has been said that complexity is the enemy of security - so we offer you 6 practical steps that will help your organization be more secure.

  1. Perform an actual risk analysis - The first step toward HIPAA compliance is a Security Risk Analysis. Make sure you are receiving an actual risk analysis and not a vulnerability assessment that has been passed off as a risk analysis.
  2. Track down all instances of patient data - Often unintentionally, repositories of patient data can accumulate in less than ideal locations (e.g., network scan folders, employee desktops, etc.). In order to properly protect patient data, healthcare organizations must first identify all locations of patient data. This is the first step in a security risk assessment.
  3. Keep all systems patched and updated - Unpatched operating systems and network devices often represent significant risk to healthcare organizations. It is imperative that all systems are regularly patched and that patches are validated on a quarterly basis as part of a comprehensive vulnerability management program. If your practice doesn’t have a team to do this, consider outsourcing to a reputable partner.
  4. Have a plan for removal of outdated systems - All healthcare organizations should consider the unique risks that outdated systems (hardware and software) pose to their environment. Before systems reach end-of-life, healthcare organizations should develop a plan for migrating critical functionalities from unsupported systems to supported solutions.
  5. Security budgets need to increase - Attackers are spending more time, money, and resources to gain access to patient data and other sensitive information. To keep up, healthcare organizations must allocate more funds to their security budgets and begin to leverage new technologies such as Next-Gen AV, EDR, and UEBA.
  6. Develop a formal security program - Design and implementation of a robust information security program often requires substantial investment of time and resources. Due to increased regulatory burdens and an ever-changing threat landscape, healthcare organizations need to enlist the services of a qualified information security professional to develop a comprehensive program.

Nick VanGilder and Will Enochs lead C Spire Business' Cybersecurity Testing & Consulting services.

Topics: Healthcare
