Conrad A. Clyburn, M.S. (U.S. Army Retired)
Cybersecurity practices are important for healthcare organizations in order to safeguard patients and the organization itself from cyber threats. Zane Networks, in its role as a Management Service Organization, and with its certification from EHNAC (the Electronic Healthcare Network Accreditation Commission), works with practices to advise them on how best to thwart threats that could result in the loss or theft of sensitive patient information.
As per the Healthcare and Public Health Sector Coordinating Council’s publication, Technical Volume 1: Cybersecurity Practices for Small Health Care Organizations (https://www.phe.gov/Preparedness/planning/405d/Documents/tech-vol1-508.pdf), one of the top five prevailing threats to small practices is email phishing attacks.
Below are some tips as per this publication that practices can use to help reduce the risk:
Consider the following controls to enhance the security posture of your e-mail system. Check with your e-mail service provider to ensure that these controls are in place and enabled.
- Avoid “free” or “consumer” e-mail systems for your business; such systems are not approved to store, process, or transmit PHI. We recommend contracting with a service provider that caters to the health care or public health sector.
- Ensure that basic spam/antivirus software solutions are installed, active, and automatically updated wherever possible. Many spam filters can be configured to recognize and block suspicious e-mails before they reach employee inboxes.
- Deploy multifactor authentication (MFA) before enabling access to your e-mail system. MFA prevents hackers who have obtained a legitimate user’s credentials from accessing your system.
- Optimize security settings within your authorized internet browser(s), including blocking specific websites or types of websites, to minimize the likelihood that an employee will open a malicious website link. Most browsers assess the possibility that a site is malicious and send warning messages to users attempting to access potentially dangerous sites.
- Configure your e-mail system to tag messages as “EXTERNAL” that are sent from outside of your organization. Consider implementing a tag that advises the user to be cautious when opening such e-mails, for example, “Stop. Read. Think. This is an External E-mail.”
- Implement an e-mail encryption module that enables users to securely send e-mails to external recipients or to protect information that should only be seen by authorized individuals.
- Provision every employee with a unique user account that is tied to a unique e-mail address. These accounts and e-mail addresses should not be shared and should be de-provisioned when the employee leaves the organization.
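As an added example of the “EXTERNAL” tagging control above (not code from the publication or from Zane Networks), the Python filter below decides by the sender’s address domain rather than the display name, prepends the suggested advisory text, and leaves internal or already-tagged mail untouched. The internal domain list and the sample message are constructed placeholders.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Constructed placeholder: replace with the practice's real mail domain(s).
INTERNAL_DOMAINS = {"example-clinic.test"}
SUBJECT_TAG = "[EXTERNAL]"
BANNER = "Stop. Read. Think. This is an External E-mail."


def sender_domain(from_header: str) -> str:
    """Lower-cased domain of the address in a From: header. parseaddr() drops the
    display name, so 'Dr. Smith <x@attacker.test>' is judged by attacker.test."""
    _, addr = parseaddr(from_header or "")
    if "@" not in addr:
        return ""  # empty or malformed From: counts as external below
    return addr.rsplit("@", 1)[1].lower()


def is_external(msg: EmailMessage) -> bool:
    return sender_domain(msg.get("From", "")) not in INTERNAL_DOMAINS


def tag_external(raw: bytes) -> EmailMessage:
    """Prepend the subject tag and the advisory banner when the sender is external.
    Internal mail is returned untouched. The banner is inserted only into
    single-part text/plain bodies; other mail gets just the subject tag."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    if not is_external(msg):
        return msg
    subject = str(msg.get("Subject", ""))
    if not subject.startswith(SUBJECT_TAG):
        del msg["Subject"]
        msg["Subject"] = f"{SUBJECT_TAG} {subject}".rstrip()
    if not msg.is_multipart() and msg.get_content_type() == "text/plain":
        body = msg.get_content()
        if not body.startswith(BANNER):
            msg.set_content(f"{BANNER}\n\n{body}")
    return msg


# Constructed sample: the display name imitates a colleague, but the address is external.
SPOOFED = (b"From: Dr. Smith <billing@example-clinic-billing.test>\r\n"
           b"To: frontdesk@example-clinic.test\r\n"
           b"Subject: Updated patient statement\r\n"
           b"Content-Type: text/plain; charset=us-ascii\r\n\r\n"
           b"Please open the attached invoice.\r\n")

if __name__ == "__main__":
    print(tag_external(SPOOFED).as_string())
```

In practice this logic lives in the mail gateway or provider's transport rules; the point is that the check keys on the address domain, which a lookalike display name cannot change.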
If you have more questions on safeguarding your organization