HIPAA Compliance Awareness During National Nurses Week 2019

If saving lives and caring for the sick aren’t already steep enough responsibilities, today, the sophisticated world of cybercrime has thrust the healthcare industry, and the medical professionals that work within it, into its crosshairs.

Healthcare and the Digital Workspace

That means on-the-go nurses — with laptops and tablets in hand that often contain sensitive, HIPAA-regulated data — are subject to all the cyber risks that apply to those devices. Healthcare organizations, like all businesses that are adapting to the modern digital workplace, need to see and understand the risks to endpoint devices and the data on them.

In recognition of National Nurses Week and to support all that is asked of these hard-working, caring professionals, here are a 5 tips for how healthcare organizations can apply a cybersecurity-centric mentality to the job.

5 Cybersecurity Healthcare Tips

  1. Educate all staff — To mitigate the risk of employee mishap and misuse, train staff on the importance of data security. Implement a well-communicated policy on how and when to report missing devices, suspicious email trends and device irregularities and maintain enforceable repercussions for intentional infractions. Read: Healthcare Cybersecurity and Data Security in 2019 for insight into this year’s top threats.
  2. Help the C-suite understand — Appoint a CISO or Data Protection Officer to be responsible for your organization’s data security. This person should oversee HIPAA compliance initiatives and ensure data security is a regular topic at Board meetings.
  3. Take back control of your endpoints — When endpoints go rogue or become invisible due to faulty security agents, you need to act fast. Absolute’s proprietary Persistence® technology is embedded in the firmware of more than 70 percent of the world’s endpoint devices. Because it’s the only embedded security solution, it is the only cloud-based platform that maintains a persistent connection to devices, regardless of user behavior or device performance.
  4. Add resiliency to security solutions — The 2019 Endpoint Security Trends Report found that more security does not equate to more secure devices. In fact, much of organizational endpoint security spend is wasted on solutions that simply don’t work due to missing or broken agents or disabled controls. Rather than throwing good money after bad, IT and security teams should instead strive to reduce complexity on the endpoint and focus on ensuring that existing security tools are fortified, more resilient, and less inclined to fail.
  5. Get real about real-time evaluation and response — Your organization should be able to evaluate its security posture in real time to ensure all devices are patched for known vulnerabilities, whether on or off the network. When new vulnerabilities crop up (and they will), your IT team should be in a position to proactively address these emerging threats with data controls and/or patch distribution. According to a Ponemon study, 425 hours are wasted each week by IT teams chasing false negatives and false positives.

Focus on What Works

There isn’t a single checkbox healthcare organizations can make to secure data. Layering on all the security tools in the world won’t guarantee total data security either. Instead, maximize the resources you already have – your people, your processes and your controls. A concerted effort across each of these five areas listed above will provide a solid foundation from which to build for the benefit of patients, medical staff and the organization as a whole.

If you’d like to learn more about how to protect your organization and medical staff from today’s cyber threats, get our latest case study, Apria Healthcare Delivers Secure Health Solutions with Absolute.  And, in great appreciation for all healthcare professionals, we extend our heartfelt thanks.