Any company that keeps digital records of customer data needs to take security seriously. This is especially true for companies like senior living providers, whose data may include medical records, social security numbers, and other pieces of sensitive information above and beyond the phone and credit card numbers that businesses like retailers have to worry about.
In fact, healthcare data may be even more valuable to hackers than financial information, because it can be used for so many different purposes, like obtaining medical services and committing identity theft. For this reason, cybersecurity experts have named 2015 the “Year of the Healthcare Hack.” This designation seems to be coming true -- earlier this year, health insurance giant Anthem reported a security breach that affected between 9 and 19 million people.
How can senior living companies protect themselves from cybersecurity breaches?
Taking the proper precautions to ensure your data is safe will give your residents peace of mind and spare your business the headache of dealing with hackers.
One challenge for senior living is that there is not an established set of industry-wide best practices for companies to follow. However, the basic tenets of cybersecurity are the same regardless of industry. Here are three things senior living companies can do to protect themselves from data security breaches.
Know the risks in your organization
The first step on the road to keeping your data safe is to understand your risks. According to research by CIO.com, here are the six biggest causes of business security risks:
Disgruntled employees
Careless or uninformed employees
Mobile services (BYOD)
Cloud applications
Unpatched or unpatchable devices
Third-party service providers
Half of these -- disgruntled employees, careless or uninformed employees, and unpatched or unpatchable devices -- are things you should make every effort to avoid. The other three, however, are core technologies used in business today, so the key is to learn how to use them safely. For example, ensure that the cloud applications and third-party service providers with whom you contract are using the latest security technologies to keep your data safe. The CIO.com article provides solutions to help you mitigate all of these risks.
Provide security awareness training
In many instances, the biggest security risk isn’t the technology, it’s the people -- for example, employees who don’t lock their workstations when they leave, who have weak passwords, or who use insecure mobile apps. Therefore, training your employees about cybersecurity -- what the risks are, how to avoid them, and what to do if a breach occurs -- is one of the most impactful steps you can take.
Ensure HIPAA compliance
The best approach to maintaining cybersecurity is to adhere to Health Insurance Portability and Accountability Act (HIPAA) and Health Information Technology for Economic and Clinical Health Act (HITECH) standards. This is especially important for mitigating risk posed by using cloud applications and third-party software.
Here are five questions to ask to help you determine if a vendor is HIPAA-compliant and using the latest security methodologies:
How is the data encrypted, both in transit and at rest?
Where is the data stored? (For HIPAA, data servers must be located in the United States.)
What processes are in place to set and track user permissions?
What processes are in place to track who accesses what information?
What is the response and notification strategy if a breach occurs?
Senior living providers can’t afford to take security lightly. These three steps aren’t a complete security solution, but they are a solid start toward protecting your residents and your company from security threats.