Bradley attorney Jordan Stivers was quoted in Diagnostic Imaging on effective ways that small medical practices can help prevent cybercrime. It has become increasingly common for organized cybercrime groups to target healthcare providers to gain access to credit card numbers, Social Security numbers, email addresses, bank account information, and birth dates. Experts recommend that an IT security framework include deploying technical controls, which may include firewalls, desktop antivirus software, antivirus software on email servers, antivirus and anti-malware protection on employee inboxes, and content filtering for the Internet and email.
Stivers explained that a firewall protects against intrusions and threats from outside sources. A software firewall is typically more appropriate for small physician practices. Stivers also highly recommends the use of encrypted email, but if it isn’t feasible, practices should password-protect documents containing protected health information (PHI) or prohibit the transmission of PHI via unsecured email, using mail or fax instead. Many risks exist with mobile devices that store or transmit PHI, such as laptops or smartphones on which you may access work email or other information, says Stivers.
“Any PHI on a mobile device should be encrypted,” she said. “Install personal firewall software on all laptops that store or access electronic PHI (ePHI) or connect to networks on which ePHI is accessible. Also install, use, and regularly update virus-protection software on all portable or remote devices that access ePHI. Password protect all mobile devices, and if feasible, implement two-factor authentication (i.e., where you have to answer security questions or another step in addition to entering a password).”
The complete article, “6 Ways Small Practices Can Thwart Cybercrime,” appeared in Diagnostic Imaging on April 24, 2017. (login required)