Who doesn’t like settling the score, revealing the truth, and debunking frightening Cybersecurity Myths accepted by many Orthopedic Groups that might scare the living daylights out of you? Reliable IT Healthcare has heard them all.
Below is a list of eight Orthopedic Group Cybersecurity Myths we have found or heard, along with sensible facts to help you avoid falling prey to fables, fairy tales or healthcare folklore. At the conclusion of this article, we invite you to guess which myth applies to the scenario presented.
Myth #1 – You Can Hide Ransomware Breaches Under The Carpet
Fact: In 2016, it was estimated that 27 million patient records were stolen due to ransomware, hacking, and malware. That was roughly 450 different data breaches. Of those breaches, only nine organizations reported the attacks to the U.S. Department of Health and Human Services’ Office of Civil Rights. In 2017 the OCR changed the ruling for the HIPAA Breach Notification Rule. The burden of proof has gotten tougher. The provider now has to prove a hacker didn’t gain access to patient records during an attack.
Myth #2 – I’m Protected, I Have Machine Learning Software
Fact: As fantastic as it is to have software that detects and analyzes threats, it remains only one layer of protection. The technology’s software learns based on predictability. But when new threats such as zero-day attacks emerge and other risks morph, the machine learning software doesn’t know what to look for. That is why a robust infrastructure based on both defense and data is crucially needed and gives you stronger protection.
Myth #3 – When I Unplug Devices and The Network I Removed The Risk
Fact: Disconnecting devices reduces risk, but you can never eliminate the hazards. For example, let’s look at that little useful USB port. Data moves from hard drive to hard drive with something as innocent as a thumb drive. All it takes to lose information is for someone to plug that thumb drive into a forgotten port or device, and the files are gone.
Myth #4 – I Have The Latest Security Software and Firewalls, So I’m Safe
Fact: We all want to believe the latest and greatest security software will fend off cyber attacks. But at the first sign that, with the new upgrade installed, you are still encountering breach attempts, that shiny object begins losing its luster. A word about firewalls: remember that they only protect the perimeter, not the entire network. Firewalls can also be bypassed or misconfigured.
Myth #5 – Our Passwords Are Hard For Hackers To Break
Fact: We all want to believe it’s harder for hackers to figure out our passwords. But the reality is that passwords used to be hard to break. As for the 16-character passwords we’ve all gotten used to, hackers have been working hard and have discovered they can now crack long multi-character passwords in less than an hour. Here is a reminder: passwords are for access control, not security measures.
Myth #6 – Our Training and Policies Finally Fixed Our Security Risks
Fact: No Orthopedic Group should ever conclude that training and policies come to an end. Security issues are always evolving. Ongoing training and policy revision are a never-ending part of managing security risk. All it takes is one employee who cannot tell the difference between real and fake emails; they click on one, and your system gets breached. It’s that easy.
Myth #7 – Our Large Pools of Information Show Us Network Activity
Fact: A widely recognized practice in the healthcare industry is collecting massive amounts of information, known as data pools. This brings helpful insight into network activity, but it does not show the vulnerabilities that are found on each device. Without analytic tools and established policies, the data pool content cannot be used to detect an attack. Prevention is needed, but the layer of security your group needs is of higher value and is known as detection.
Myth #8 – Our Physical Security and Cybersecurity Are Separate
Fact: Thumb drives, paper documents, and mobile devices have sensitive patient information on them. In the wrong hands, that data becomes an exposed asset. Regardless of whether the device is connected, physical security falls under the umbrella of Cybersecurity. They are not two separate functions. They are a single function with two inter-working parts. Impregnable physical security mechanisms and enhanced encryption policies marry the two together, increasing security.
After reviewing the list, no Orthopedic Group would want to make the same mistake a Raleigh, North Carolina orthopedic clinic made back in 2013. They allegedly handed over protected information for about 17,000+ patients to a potential business partner without first getting a business associate agreement executed. When the Office of Civil Rights finished their investigation, the clinic paid $750,000 over this one HIPAA violation.