Pipeline hack drives home importance of cybersecurity planning in healthcare

Healthcare was the industry with the highest average data breach cost — for the tenth year in a row.

If data is compromised, what tools does your practice have available? What’s the best way to manage other cybersecurity planning needs, such as storage and prescription transmission through an EHR platform?

"Finding ways to outsource security to the experts is key to being able to keep up,” said Ethan Bing, Practice Administrator with Medical Colleagues of Texas. “I think that's why our partnership with using Greenway Secure Cloud for Intergy has been so important.”

Building the foundation for healthcare data security

The first step is to ensure a strong foundation. Ask vendors these cybersecurity questions to determine whether your data security needs align:

1. Is the vendor insured? For how much? Understand the vendor’s ability to cover potential damages.
2. Is support in-house or outsourced? In-house support may provide better continuity, while outsourced support could lead to communication issues.
3. Does the vendor understand your business? You want to partner with a cybersecurity expert that understands your business, how to remain compliant, and the challenges that come with the territory.

Healthcare information security tools to protect against a data breach

When evaluating risk mitigation, ask your prospective IT vendor what tools it will use to deal with a data breach. Here are some key questions to ask:

1. What’s in the vendor’s security toolbox? What security measures are available to assist in the event of a potential breach? The vendor may take preventative measures that stop a malicious attack from being executed or reactive measures as part of a protocol following an attack.
2. What security controls will the vendor use to maintain and secure your environment? Find out how the vendor will secure your environment. How often will it review and test its software?
3. If there is a security incident, what will be the vendor’s role? Understanding the role your vendor will play in an incident will help you determine the extent to which you or anyone else will need to be involved.

“Cyberattacks will continue, but security consultants and trusted vendors can help evaluate your practice’s security risk and provide recommendations for improving your company’s defense.”

Brian Bobo, Greenway Chief Information and Security Officer

Trusting your healthcare data backups

Backups are building blocks for any security response and recovery plan. A challenge with backups is they can distribute sensitive data, including patient information, through other systems, creating a new set of risks and concerns. Ask your vendor these questions about backups:

1. Will the vendor perform backups of all servers? Consider what’s being backed up — just the application data or the entire server. Also, find out if the backups will be encrypted. If so, who has the keys? Make sure you won’t lock yourself out.
2. What is the backup schedule? How far back will you be able to restore data? Minutes, days, weeks? The answer will help you understand how often you should back up data.
3. Are the backups tested regularly? The most critical aspect of a backup strategy is testing and executing regular tests of the system.

Protecting patient data: On premise or the cloud?

Do you prefer your system to reside locally or on the cloud, and why? With a cloud-based EHR solution, you can hand off the risk to another entity that can also maintain the system, monitor recovery, and take on additional data security responsibilities.

Learn more: Greenway Secure Cloud.

Other cybersecurity planning considerations

When you select a vendor, consider the risks of a situation as simple as the receptionist’s workstation not functioning. How will that affect check-ins, collections, and other daily operations? Also consider the bigger picture. How is the organization likely to respond in a high-stakes healthcare data security situation such as a breach?

Find out how long the vendor has been in business. That goes for the organization itself, as well as the tenure of its engineers and other staff members.

Learn more: How Greenway’s data security tools can strengthen your cybersecurity planning.