PrivaPlan President David Ginsberg led three sessions at the Colorado Rural Health Care’s (CRHC) annual conference in Colorado Springs this week, addressing rural hospital and clinic administrators, primary care providers, and quality and technical staff.
Ginsberg, who also serves as CRHC Senior Advisor, presented on Meaningful Use, MIPS and MACRA Updates and Network Auditing for HIPAA Compliance. He also led a Cyber Security Panel with two PrivaPlan team members, Lil Sonntag and Ron Bebus, and that’s the session we’ll cover in this post. The PrivaPlan team discussed several issues that challenge IT departments.
“Right out of the gate, 15 to 25 percent of your employees fall prey to a phishing email that looks like it came from a credible source,” said Ginsberg about phishing tests conducted by PrivaPlan. After reviewing the results with staff, follow-up phishing tests usually drop to about eight percent of employees being duped. But don’t celebrate just yet, because as he pointed out, “In security, one percent is too high a failure rate.” Part of the problem is that employees continue to multi-task at their computers and absentmindedly click on bad links. Phishing tests are a good way to get these employees re-focused and keep your data safe.
Failure to have endpoint protection provides another gateway for hackers. Endpoints are every single device that is connected to the network. From an ultrasound machine in the radiology department to a printer on the CEO’s desk, each item must be accounted for and secured. “Hackers will look for every way to get into your organization and you should too,” said Bebus. PrivaPlan has a tool that finds and scans every endpoint for vulnerabilities and therefore helps you stay at least one step ahead of the bad guys.
As simple as it sounds, simple passwords make it simple for data to be compromised. Keep passwords strong and keep them hidden. Sonntag shared that during some of the walk-throughs she does for PrivaPlan, she’ll open desk drawers and find passwords written on notepads. Fail.
Do you know how many times your front desk person has looked at a patient file? Or when and why? If you audit your systems regularly you do. PrivaPlan can help with that too.
The conference wrapped up Friday and Ginsberg and team are back on the road doing what they do best, helping you stay HIPAA compliant. If you have questions, they’ve got answers. Reach our team at email@example.com or call 877-218-7707.