Health IT Best Practices Against a Burgeoning Cyber-Crime Market
Healthcare organizations and their IT providers have a lot on their plates these days.
Electronic Health Records are highly coveted in the black market. Your private health record is worth more to a hacker than your credit card, and hackers, just like everyone else, go to where the money is, making healthcare organizations a prime target.
This is old news to most healthcare providers. Pretty much anyone who reads the news by now knows what ransomware is and how costly it can be, as was seen earlier this year when the Hollywood Presbyterian Medical Center had to pay a $17,000 ransom to regain control of their computer systems. As a result, IT departments and service providers have been beefing up perimeter defenses with next-generation firewalls, cloud-based disaster recovery, and state-of-the-art endpoint protection.
While most would agree that reinforcing perimeter defenses is not only important but necessary, it still doesn’t fully address the largest threat to data security: employees.
Employees are the largest threat because they hold the keys to the kingdom: passwords. And passwords can be stolen in several ways, most commonly through email scams and other online scams known as “phishing”.
Phishing attacks use social engineering tactics to trick people into willingly sharing their passwords. They have become more sophisticated over the last few years, making easy targets out of even the most tech-savvy employees.
So, how can we eliminate human error from the equation?
Do you educate your employees on how to avoid or detect a phishing attack? Do you implement a password security policy so that all passwords are strong and are changed every 90 days or so? While both answers are correct, they still leave room for error.
Healthcare employees typically work with many passwords, across many applications, and they often must enter their passwords multiple times in a single day. A great way to reduce password loads while increasing security across your entire network is by implementing a single sign-on solution such as AVG SSO.
AVG SSO combines multi-factor authentication, Identity and Access Management, and Mobile Device Management into a solution that brings three layers of security while simultaneously making password policies a lot easier on employees.
To put it simply, an SSO solution greatly reduces the number of passwords you use and the number of times you must enter them in a single day. It can also locate, lock, and wipe devices and deploy mobile apps, ensuring that sensitive data, such as Protected Health Information, is safe and secure when being passed around on smartphones, laptops, and other mobile devices.
At the end of the day, protecting sensitive data and staying compliant is done by having a security strategy that relies on a mix of hardware, software, and policies, and while an SSO tool can’t do all of this on its own, it sure helps take a lot off your plate.