Here are five ways to stop a cyber criminal from infiltrating your EHR.
One step to protecting your EHR is to know that every piece of software has a useful life, like with the Windows platform, said Kelton. When the EHR vendor updates its software, about every three years, it’s a good time to consider investing in new hardware.
Most of the people who make their money from criminal activities are serial bad actors, said Lee Kim, director of privacy and security at the Health Information and Management Systems Society (HIMSS). What's more is that many of them are never prosecuted. That’s why it’s so important to check out the backgrounds of potential consultants and employees.
“It can alleviate a lot of heartache, simply doing a background check,” she said. “It could be that someone was fired, but they were never criminally prosecuted,” added Kim.
Kelton recommends that practices do an annual training on security awareness, but shouldn’t stop there. Security training should be ongoing -whether that’s at regular staff meetings or in emails to staff or posters in the break room, he said.
Kim recommends using a spam filter to block certain attachments that are known to contain malware, which is software that’s intended to damage or disable computers and computer systems.
Since a lot of cybercrime originates outside the U.S., your practice might also want to consider preventing anyone from outside the country from sending you email, she said.
Breaches are often underreported or the organization impacted by the breach takes a significant amount of time to report it. Kim said that’s largely because employees are worried about losing their jobs if they report a breach. That’s why she recommends that practices make sure employees know it’s safe to report breaches.
Time and money matter when it comes to preventing a cyberattack. If you don’t allocate enough time or resources to update software patches and updates to your EHR, your practice could be vulnerable, said Jim Kelton, managing principal at Costa Mesa, Calif.-based Altius Information Technologies.