So, what can you do to keep your company's data safe?
1. Access Control
Who accesses your system is just as important as how they access it. We hope you wouldn't let any old patient walk freely through the halls of the ER. (However, we all know that there are still hospitals where you can walk straight from the front door to the operating room without ever showing a badge or turning a key.)
So make sure that only the people who should have access to your areas actually do. That may seem self-explanatory, but consider how many places your keys can get you into. Are those rooms equipped with computers or tablets?
And that is only the most basic level of access. In terms of cybersecurity, different people should have access to different types of provider and patient records. Each of those levels of access should be password-protected.
Now consider your coworkers. You're probably familiar with one of their passwords. How many people are familiar with yours?
2. Create Strong Passwords
Every website has a different (annoying) password requirement. Uppercase, lowercase, punctuation (except that punctuation), and so on. That's probably why you have a few password variations that you use everywhere.
But doesn't that make it easier for someone who knows your password in one place to guess it everywhere else?
Who has the same password for everything? Manufacturers. Everything they send out that requires a password begins with a default. So, what happens if a hacker discovers the default password for, say, an internet-connected MRI machine? That hacker has access to any MRI machine that is linked to the internet.
Unless the hospital changed the default password as soon as the machine was acquired.
Change your passwords immediately. (And, no, P4ssw0rD123 is not a safe password.)
3. Understand What You Have
What do you know about the Internet of Things, that is, internet-connected devices? Every device that connects to the internet in your hospital must be secure.
And please take note that we did not say "every device that you brought into your hospitals." Every laptop, iPad, and even internet-connected pacemaker that comes through your doors exposes you to a breach.
Make sure all internet-connected devices have unique passwords and network connections, and keep an eye on what users are doing on those connections.
4. Update Your Technology
This one is straightforward. The older a system is, the more vulnerable it is. Technology that is a year old has fewer safeguards than something released today, and the further back you go, the more time hackers have had to figure out how to circumvent those defenses.
In the 1980s, there was a documentary about a teenager who almost started WWIII on a primitive computer. Consider what today's hackers could do with those old systems.
5. Prepare For The Worst
Something bad will occur. Sorry, but it will. What you must do as soon as a breach is discovered - whether it was a thief walking out of the hospital with a laptop or an employee accessing patient records on McDonald's Wi-Fi (please, please, please don't conduct business on unsecured networks) - is report the breach.
Your company must have a plan in place to deal with breaches. And it's not entirely on you. Discuss it with the IT department, the people to whom you report, and the people who report to you. Learn the best way to report a breach and what steps to take next.
It does not have to be your fault that the wrong people gain access to your company's or your patients' information. However, if you do not take steps to improve your cybersecurity, it will be.