Readying hospital systems for HIPAA compliance

Healthcare professionals should implement a comprehensive cybersecurity solution to prevent an expensive data breach from occurring.

Healthcare administrators have more reasons than ever to bolster their defenses against data breaches. In addition to the direct financial cost of stolen medical records, healthcare facilities may face substantial penalties if their stored patient information is illegally accessed. Legislation such as the U.S. government's Health Insurance Portability and Accountability Act has created strict guidelines regarding how sensitive medical information should be stored and managed. Ensuring that patient data remains safe and healthcare facilities stay compliant requires a comprehensive cybersecurity protocol that also provides IT leaders with a great deal of oversight. A critical component of any HIPAA compliance effort is the implementation of a robust system restore and recovery solution across the entire network.

Hospitals and other medical facilities have become a popular target for cyberattacks over the years. These institutions contain a great deal of information that can be leveraged by hackers for considerable financial gain. Payment records, Social Security numbers, personal information and medical data are all available at cybercriminals' fingertips, if they can crack network defenses and access hospital servers.

For example, the Medical University of South Carolina experienced a series of breaches over a period of multiple months, resulting in data belonging to more than 7,000 patients being compromised. Details on the nature of the incident are still forthcoming; however, the source of the breach reportedly was a third-party credit card processing company. Additionally, officials have stated that no medical information was accessed, although numerous patients' payment transaction data, such as credit card numbers, names and billing addresses, may have been compromised as a result of the breach.

Preventing and responding to data breaches

Remaining in good standing with governmental regulatory committees requires hospital IT administrators to focus on two aspects of their cybersecurity protocols: prevention and response. With the numerous strains of malware in existence today and the rate at which hackers are launching cyberattacks, retaining a 100 percent successful prevention rate is by no means easy, but it is essential that IT officials do everything in their power to pursue this goal.

To that end, they should ensure that each machine under their watch is updated with the latest security settings, including the most current threat lists for their antivirus software. Downloading and installing these updates for each workstation can be an arduous and resource-exhausting exercise, but the process can be made much more efficient with a system restore application. Instead of needing to implement security updates on each individual computer, IT administrators can change the settings of each machine from a single display. In addition, they can download the latest patch releases to address any lingering vulnerabilities in their systems that could be exploited by a malicious program. Not only will this feature help IT personnel ensure that every machine on the network shares the same up-to-date security settings, but it will free up resources to pursue other ventures that could benefit the institution.

Properly responding to a potential data breach is just as important as taking effective steps to prevent it from happening in the first place. Quickly identifying and reacting to a cyberattack is imperative if hospital officials want to appease regulatory entities and assuage any patient fears regarding the integrity of sensitive information stored on the institution's databases. This requires a great deal of oversight to spot performance fluctuations that might indicate that one or more workstations have been infected with malware. Once IT teams have established which computers and directories have been compromised or illegally accessed, hospital officials can go about notifying the affected parties as well as applicable government agencies. According to the Department of Health and Human Services, HIPAA penalties often become more severe the longer an institution waits to address a breach, so it's in the best interest of an organization to get ahead of the situation and react as quickly as possible.

Matt Williams
