The Cybersecurity and Infrastructure Security Agency (CISA) is a government organization that leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Their vision is a secure and resilient critical infrastructure for the American people.
Think about the last security training session you attended. Was it boring?
They usually are. Management knows security is important, so they schedule several hours of tedious instruction, trying to improve your approach to security.
That rarely improves security.
How has your practice changed over the past two years?
The pandemic has forced almost every healthcare business to rethink its technology and make changes sooner than it had anticipated even months before.
According to The Harris Poll survey, 45 percent of physicians say the pandemic accelerated the pace of their organization’s adoption of technology.
IT is changing. It had to after the last two years.
We’ve knocked down our entire approach to work in just twenty-four months and are rebuilding it from the inside out.
With that comes increased challenges with technology. How do you handle those changes?
As a business, you have two approaches for IT support: the break-and-fix method or managed IT services.
Most practices today rely on technology for many different activities. You might stream music throughout the practice to create ambiance and a calming vibe. Your staff may depend on terminals in various rooms to access the internet or patient files. Even the break room may have streaming capabilities to give people access to their favorite shows.
As a business, you rely on data for just about everything you do. If you’ve ever had the electricity or internet go out for any length of time, you know just how dependent we’ve become on technology.
Now imagine losing your data forever. In one moment - poof! - it’s gone.
As a practitioner, you have a lot on your plate. Seeing patients may be a priority, but it’s not the only job you tackle. Accounting. Payroll. Stocking the breakroom. You might even take the trash out at the end of the day.
But the more you grow, the more people you’ll have to rely on.
Watching the news can leave you doubting your security plans and wondering if you’ve done enough to protect your IT assets.
Even those businesses that take IT security seriously and stay on top of current trends can fall short. Imagine those companies that don’t.
A recent Cybersecurity Magazine study found:
43 percent of all data breaches involve small and medium-sized businesses
61 percent of all small businesses reported at least one cyber attack during the previous year
83 percent of small and medium-sized businesses are not financially prepared to recover from a cyber attack
91 percent of small businesses haven’t purchased cyber security insurance and are unaware and unprepared to deal with security breaches
Are you starting to feel uncomfortable?
Today’s state of the internet
Over the past decade, we’ve moved from on-site systems to cloud-based applications.
For a short time, the world returned home. Work, school, personal time - everything we did was inside the walls we call home.
No matter how careful we were with data while we were in a secure work environment, the lines became fuzzier as we co-existed with partners and kids.
Video is becoming a big part of our lives.
We post short clips on our social media feeds.
We store live data in our security systems.
We use telehealth practices to meet with patients.
We market our practices with stories and information.
Is all of that data HIPAA compliant?
The Health Insurance Portability and Accountability Act (HIPAA) requires all healthcare organizations and practices to ensure the privacy of their patients’ protected health information (PHI). At all times, no matter what type of information is gathered, healthcare providers must ensure personal data covered by HIPAA isn’t released or compromised without proper approval.