By: Beth Hunkeler, Director IT, Dayton Physicians Network
Small organizations generally do not have dedicated information technology (IT) and security staff dedicated to implementing cybersecurity practices due to limited resources, but they are no less subject to cyberattacks. Staff may consequently have limited awareness of the severity of cyber threats to their organization or their patients.
Conducting day-to-day business usually involves the electronic sharing of clinical and financial information with patients, providers, vendors, and other players to manage the practice and maintain business operations. Always practicing good security practices, helps to improve your practice and patient information safe.
Just as healthcare professionals must wash their hands before caring for patients, healthcare organizations must practice good cyber hygiene in today’s digital world by including cybersecurity as an everyday, universal precaution. Like hand washing, cyber awareness does not have to be complicated or expensive. In fact, simple cybersecurity practices, such as using strong passwords to access your computer systems, always logging off a computer when finished working, being cautious when getting e-mails from unknown providers and not clicking suspicious links or providing your credentials are all things you can do to keep your practice safe.
Many practices utilize a third-party IT support or cloud service provider to maintain operations. Given the complicated nature of IT and cybersecurity, these third-party IT organizations can be helpful in identifying, assessing, prioritizing, and implementing cybersecurity practices. Your IT support providers should be capable of reviewing the practices which are most applicable to your organization. Optimizing risk management involves technology, processes, and people. You have to address each one of those aspects. You could have the very best technology and processes in place, but if you haven’t helped people understand their roles in security, you have a big gap. Awareness training is critical to protecting your assets.
