How to Secure Internet Connected Devices in Healthcare?

Cyber Crime. What is it?

Cyber crime is any crime that is committed electronically. This can include Theft and Fraud as well as other serious offenses.

Why should you care?

Crime is a danger offline and on!
Cyber Self-Defense basics can go a long way to keeping you and your data out of the hands of malicious cybercriminals.

Last week’s theme of Cyber Security Awareness Month was “Securing Internet Connected Devices in Healthcare.” Even if your programs do not deal with healthcare data, you should always be aware of what would be considered protected healthcare information as designated by the Health Insurance Portability and Accountability Act (HIPAA) standards.

So, what is HIPAA exactly?

The HIPAA Privacy Rule establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically. The Rule requires appropriate safeguards to protect the privacy of personal health information and sets limits and conditions on the uses and disclosures that may be made of such information without patient authorization.

Why is it important to understand what data is considered “protected”? 

Several types of information fall into protected categories. Credit card data and Social Security numbers fall within PCI-DSS (Payment Card Industry Data Security Standards). Personal Identifiable Information or PII (examples of PII include full name, Social Security number, driver’s license number, bank account number, passport number, and email address) falls within the realm of ever-increasing privacy legislation. By understanding what information is considered protected, we can ensure we not only have the proper security controls in place but also have an increased awareness when dealing with this type of data.

What can we do to ensure the information we are working with is safe and secure?

1. Be Alert to Impersonators. Never share information over the phone or send protected information through email, chat, SMS, etc. unless fully authorized as part of the work process and have positively established the identity of the intended recipient
2. When it becomes a requirement to send information via the aforementioned media, make sure the data is fully encrypted using the latest approved standards
   
3. Safely Dispose of any Personal Information.
4. Always Keep Passwords Private. Never share your credentials with anyone! These are for you and you alone. If someone commits a cybercrime using your credentials, it will look as if you are the malicious actor. 
   
5. Don’t overshare on Social Networking sites.
6. Work with Security and IT to ensure all requisite security tools are installed on your system. This will protect you and from exposure and potential attack.
   
7. Be Wise About using Wi-Fi. Secure you home Wi-Fi router.

We hope that this information proves beneficial and provides you with the requisite tools, increasing your awareness in our fight against the constant threat of cybercrime.