Tips to safeguard your practice from computer hackers
Prevention goes a long way when it comes to reducing or eliminating computer hacking of business and personal computers that are used at your practice.
While not the most common form of Health Insurance Portability and Accountability Act breach, hacking and other IT in incidents, such as phishing or malware infections, can create a serious program for health care providers.
The Center for Professional Success offers the following tips tohelp keep your office computer network safe.
Be proactive — 10 ways to protect sensitive data on business and personal computers:
• Download and begin using full-disk encryption software.
• Password-protect files containing Protected Health Information or Personally Identifiable Information.
• Consider obtaining cyber liability insurance.
• Avoid unnecessarily downloading files containing PHI or PII onto your computer’s hard drive.
• Do not collect any unnecessary PII from patients.
• Purchase anti-malware/anti-virus software and set it to run every night.
• Regularly check for and install security updates.
• Adopt an emergency action plan to handle cyber security breaches in your office.
• Understand and comply with applicable laws, regulations and contractual obligations, such as HIPAA and state data security law.
• Provide comprehensive employee training on preventing and responding to security breaches.
Increase awareness — Seven ways to determine if your computer and/or sensitive data have been compromised.
• Your anti-malware/anti-virus program discovered spyware or viruses on your system.
• Your bank accounts were accessed as the result of a phishing scam.
• New programs or unfamiliar files have been installed on your computer.
• Login credentials for any website have been changed without your knowledge.
• You experience frequent, random pop-up windows with ads or system warnings.
• You have been told that spam is being sent from your email account.
• Your computer is running slower than normal and a system restart doesn’t fix this issue.
Take immediate action when necessary — Five things you should do if you suspect you’ve been hacked:
• Don’t panic. The installation of malware or a virus infection doesn’t always mean that sensitive data was improperly accessed.
• Don’t shut down your computer. Malware often resides in a computer’s memory and not the hard drive. Turning off the computer will erase the memory, and with it, evidence of the cyber attack.
• Back up your most important files and data onto an external hard drive.
• Run anti-malware/anti-virus on all network computers because an infection on one computer could affect others in the same network.
• Determine if the affected computer held PHI and/or PII of patients or employees. If it did, determine who in your practice needs to made aware of the incident and when to inform these individuals, contact a computer expert to investigate the extent of the problem and call your attorney for legal guidance on state and federal breach notification laws.