From January 2019 to May 2019, there were 28 data breaches reported every month, approximately half of which occurred in the health care sector. While the total number of breaches in 2019 was less than the total reported in 2018, the average breach last year involved thousands of records, led to negative publicity, resulted in significant losses of trust, and cost companies lots of money. In fact, data breaches in 2019 cost an average total of $3.92 million, or about $150 per compromised record.
All it takes is one data breach to damage your reputation and consume your financial and legal resources for months (or even years). Such incidents can also affect your ability to attract new, talented practitioners for your team, further hindering your growth. For these reasons, it’s critical that you take the time to assess your organization’s cybersecurity risks.
Start by considering who has access to your internal information and how all laptops and mobile devices used for work purposes are typically secured when not in use. Remind all employees how important it is to change their passwords and back up protected information frequently.
Speaking of employees, how often do you train your team about the importance of cybersecurity and how to safeguard it? It’s never a bad idea to set a regular training schedule to help refresh everyone’s memories on best security practices. And you should organize a re-education session of some kind whenever a new threat is discovered or a new data breach occurs.
Beyond training, consider testing your team’s knowledge and awareness of cybersecurity protocols on a semi-regular basis by sending test phishing emails. They pose zero risk to your organization and enable you to pinpoint specific training areas that might require more attention.
Establishing a Security Culture
For a security culture to resonate throughout your organization, you need to make sure all management personnel are on board and educate your stakeholders about the need to improve data security and the implications of failing to do so.
To develop a security culture, you need to:
- Identify and fix your data security vulnerabilities. Understand the risks that your organization faces. Identify valuable assets, your current state of security, and your security strategy moving forward. Create a plan for securing your data assets.
- Back up your data. A cloud-based system like GEHRIMED can be very helpful here.
- Develop internal security policies. Consider a hierarchical cybersecurity policy that enables all your employees to be on the same page and allows you to enforce rules that protect data. Make sure the policy takes everyone’s workflows into consideration as well.
- Identify and avoid common mistakes that let hackers in. Do so by offering robust cybersecurity training for all your employees.
- Keep stakeholders informed about what you’re doing and why you’re doing it. It’s also important to stress to them that plans may be modified along the way as new needs, threats, or issues arise.
- Make sure all employees understand what data security means to patients, the organization, and their jobs. Once they fully internalize this message, it will be much easier for you to enforce compliance throughout your organization.
Last but not least, prioritize your HIPAA risk analysis so every employee understands its importance. The purpose of this assessment is to identify where you’re vulnerable so you can fix those issues. You’re also required to submit proof of the analysis to the Centers for Medicare & Medicaid Services (CMS) to show that data security remains one of your top priorities.
Protect Your Data with GPM
When you use GEHRIMED, a GPM, Corp. product, you can feel more confident about the security of your data. GEHRIMED is both HIPAA-compliant and ONC-certified, and it provides real-time data backups. The mobile application is as secure as the desktop application, and because it’s cloud-based, your data is protected even if a natural disaster or another dire situation occurs where data might otherwise be compromised or inaccessible.
What’s more, our expert security team is always working to keep its finger on the pulse of security and privacy issues and developments. For instance, I’m currently studying the use of behavioral analysis to prevent cyberattacks and identify cybercriminals to better serve GPM as its security manager and privacy officer. We use this kind of cutting-edge information to ensure that our products are safe for you to use today and well into the future.
Interested in learning more about data security? Check out Risk Academy for LTPAC Health Professionals, our online video series about data security and related issues.