Security challenges and data privacy continue to be leading concerns for healthcare organizations. Now that an individual medical record can go for an average of $363 on the black market, hackers are zeroing in on the healthcare market as a significant opportunity for income.
Recently, Hollywood Presbyterian Medical Center paid a $17,000 ransom in bitcoins to a hacker who seized control of the hospital’s computer systems and would only give back access once the ransom was paid.
At Netgain, we regularly get asked for security resources, such as which security products we recommend and what practices need to do to optimize the security of their ePHI. We’ve compiled a list of preferred security tools and products we’ve used and would recommend to practices looking to enhance their security. Here are our top 3 product recommendations in each category:
Antivirus is a staple for any device transmitting data of any kind. Antivirus software protects your devices from being attacked and losing personal information, files or ePHI. There are many good antivirus software products on the market – here are a few of our top choices:
- Good: These options are great for home or business use and are affordable for small practices: Kaspersky, F-Secure and Sophos. They have limited capabilities, relative to our “Better” and “Best” options, though.
- Better: Microsoft Security Essentials – If you’re protecting devices with a Microsoft Windows operating system, Microsoft Security Essentials is a great option. Because Microsoft builds both the antivirus and the operating system, the two integrate seamlessly, which creates fewer security issues.
- Best: Bromium – Our top recommendation pays no attention to whether malware runs; instead, it creates a significantly isolated environment for every application. Compromised applications have no access to sensitive information.
Application and internet whitelisting are both recommended security tools for any healthcare practice. Whitelisting tools take the inverse approach to antivirus: they allow only named applications and internet sites and block the rest.
Here are some whitelisting tools to consider:
- Good: At an attractive investment of about $20, CryptoPrevent is great for Windows home users.
- Better: Microsoft AppLocker provides effective whitelisting capabilities, but is not considered to be user-friendly and can be burdensome from a management standpoint.
- Best: Carbon Black is agent-based, user-friendly and very effective. This tool is not typically cost effective for smaller practices and is considered a premium product as far as whitelisting tools go.
HIPAA’s Security Rule requires that data in motion (email, for example) is adequately protected. Email encryption is the most effective and secure way to protect ePHI in email communication. There are several email encryption options available – here are our favorites:
- Good: S/MIME is a free tool, but very burdensome when communicating with multiple contacts.
- Better: Proofpoint allows for some insecure configurations and needs to be more stringently and regularly audited.
- Best: ZixMail offers a suite of security products for the healthcare industry. The secure email platform is more expensive than some products but provides very strong end-to-end encryption.
Your practice’s security strategy should be guided by your annual risk analysis. Once you’ve evaluated gaps and identified their potential risk levels, you can work with your IT partner to identify how to best secure your practice’s network and your patients’ personal health information.
As with any implementation of new technology tools or software, factor in how this new software will interact with your greater IT environment. It might lead to purchasing new hardware or updating workstations. These considerations should be outlined in your IT roadmap.