OSIS Insights

Cyber Security

Keep your Practice Safe from Cybersecurity Threats

Posted by Nicole Miller on Nov 30, 2020 11:35:15 AM

Health Centers continually face evolving cyberthreats that put patients and employees at risk.  To assess cybersecurity, health centers should view it as a patient safety enterprise risk and instill it into the existing environment and the organization’s daily governance. To ensure your organization protects patient security and privacy while delivering high-quality care, it is important to align patient safety and cybersecurity initiatives within an organization.  

OSIS Protects your Organization   

At OSIS, security is one of our highest priorities. We have set policies and procedures to ensure that we are exceeding all standards set forth in the HIPAA Security Rules. OSIS employs a combination of industry best practices such as NIST, ISO, PCI, HIPAA, and other vendor guidelines to formulate the best possible security for the environment. We utilize next generation firewalls through Fortinet and next generation antivirus solutions from CrowdStrike. 

For OSIS tserve Community Health Centers with highly protective information, we provide our employees with the resources they need to protect themselves and the Members and Clients they support. We have put together some helpful tips to guide you through the holiday season to protect your organization from unwanted cybercrime.  

Three Tips to Keep your Practice Safe this Holiday Season

1. Quick Response Code Security Concerns 

QR Code

Quick Response Code (QR code) are barcodes that are designed to take a user to a website to aid in product information, videos, and help with touchless payments.  QR codes are gaining popularity fast with businesses adopting touchless transactions during a pandemic and cybercriminals are picking up on this new trend. Fraudsters are quickly capitalizing on the opportunity QR codes present. Combining social engineering with QR codes that can be created in a second, cybercriminals are using QR codes to open victims’ bank accounts and drain it within seconds, install malware, penetrate entire corporate networks, and more.

Anyone can create a QR code easily, fast, and free. Learn here how QR codes work and how to protect yourself from the potential risks with these tips on how to avoid being victimized by QR scammers.  

  • Think twice before scanning and look at all the variables before scanning. 
  • Trust your gut and look for misleading information and offers too good to be true.  
  • For physical QR codes, look for tampering such as a new QR code placed overtop another QR code.  
  • If you do scan a code, make sure you do not enter credentials or personal information unless you know it is the source you are supposed to be visiting.  
  • Personal devices and company issued devices should be updated frequently to ensure proper protections are in place especially on company devices.  
2. Tools to Improve Password Security

Passwords are our keys to the digital world personally and professionally.  Recent reports estimate an average person has between 70 and 80 passwords they need to remember and manage. Do you have a notebook or post its lying around that gives you access to all your passwords? If so, this is a serious problem.  

PasswordThe good news is technology has given us the tools needed to help maintain and create passwords to improve your security and simplify password management. The best way to ensure you have the best passwords across all your accounts is by using a password manager.  A password manager will save you time, frustration and can greatly improve your security by creating only one password. The password manager will do the heavy lifting when creating unique and strong passwords and allows you to only remember one password. If you do use a password manager, make sure your master password is extremely strong and is not written down anywhere unless it is completely secure. 

Password Manager Benefits 

  • No more CREATING passwords 
  • No more CHANGING password
  • Only need to remember ONE password 
  • Inexpensive or sometimes FREE to use 
  • A large suite of SECURITY features to keep your accounts and passwords safe 

Another way to improve your password usage is through a multifactor authentication (MFA) method that can step in to provide an extra layer of identification security. MFA requires users to submit a combination of factors — at least two — to authenticate their identity and gain access to a computer or device. A typical two-factor authentication combination would be a username and password from the user, as well as a token code generated by the user’s smartphone. Many solutions also employ biometric tools, sensing a unique physical character, such as a fingerprint or even retina scanners.  

Creating strong and unique passwords for each of these can be challenging but having a second verification factor would put a malicious attack at a halt.   With a cyber criminal’s ability to find passwords on the dark web or their ability to guess passwords, there is no safety net in a single password anymore. Take advantage of password management tools that can help take your password security to the next level. 

3. Insider Threats

Protecting your practice from insider threats should be considered as well when implementing security risk assessments.  Not all cybersecurity threats are external, in fact internal threats can cause hiccups and even bigger headaches for organization.  Below are examples of the possible insider threats you could see within your organization: 

Careless Carrie could be a hardworking employee but with one simple mistake or lapse in judgement, Carrie could be opening her organization up to a breach.  

Danny the Double-Agent may have been a model employee but may have been approached by an external party with malicious intent. Using his access privileges, Danny is feeding sensitive information to his malicious pal, who will then implement the threat. Danny may intentionally know what he is doing, or he may not comprehend the severity of his actions.  

Disgruntled Debbie may be feeling slighted by her organization over a missed promotion, termination, or job restructuring.  Spitefully, Debbie might expose sensitive data or commit other acts of revenge to the organization that could expose patient or employee information.  

Malicious Michael uses his credentials and access to privileges for his own gain and thinks he will not get caught. 

Whichever character you might find in your organization, it is important to be aware of each type to detect a risk when you see it.  

Health Centers are on the frontlines during the pandemic, but we are all on the frontlines to cyber security. While protecting patient data and delivering high-quality care, we have learned that it is important to align patient safety and cybersecurity initiatives within an organization. The best defense we can initiate is to continue our training efforts and instill it into the existing environment and governance of your organization. 

Resources: Breach Secure Now

Topics: Community Health Center, FQHC, Cybersecurity