Feature | August 05, 2014 | Lysa Myers

How Can Doctors Practice Better Security?

Being lax with security can have a long-lasting impact on all patients

Editor’s note: Lysa Myers began her tenure in malware research labs in the weeks before the Melissa virus outbreak in 1999. She has watched both the malware landscape and the security technologies used to prevent threats grow and change dramatically. She enjoys explaining security issues in an approachable manner for companies and consumers alike. Over the years, Myers has worked both within antivirus research labs, finding and analyzing new malware, and within the third-party testing industry to evaluate the effectiveness of security products. As a security researcher for ESET, she focuses on providing practical analysis of, and advice on, security trends and events.

Social Security numbers are often required for insurance purposes, and these can be used to steal a person’s identity, which can be a lot more problematic to correct than someone stealing your credit card. Physicians and insurance companies also gather a patient’s name, physical address, phone numbers and maybe an e-mail address. The black market for this sort of information is mature and robust, and criminals can expect a big payday if they target healthcare providers that are unprepared and unaware of the value of the information they are storing.

Encrypt everywhere: As said earlier in the “layered defenses” tip, encrypting is a very simple and effective way to safeguard data. When we have something that is valuable, we lock it up when it is not in use. The same is true with data; valuable information should be encrypted whenever it is not directly in use. That means when it is in storage, it should be encrypted. When it is being accessed or sent over the network, it should be through an encrypted connection.
Having encryption from “end to end” minimizes criminals’ ability to get any useful data, even if they do manage to breach your other defenses.

Most of us think retail stores are the obvious choice for cyber criminals looking to wreak financial havoc. While Target retail stores stole the data-hijacking headlines late last year, only 13 percent of the reported breach incidents in 2013 were in the retail sector, while 45 percent were in the medical field, according to Privacy Rights Clearinghouse (PRC). According to the HHS “Wall of Shame,” where HIPAA violations are reported, more than 30 million records were exposed between September 2009 and June 2014.

Go beyond passwords: If you are protecting a lot of patient data, a password alone may not be enough. Consider implementing two-factor authentication. The second factor can be a biometric such as a fingerprint, or a one-time passcode that is provided via a small digital key card or fob, or even a smartphone app. You can also increase your password security by upgrading your password to a passphrase — a short sentence is much more difficult to crack than a single word, and it can still be easy to remember. Each of your digital devices should be protected with a passcode or biometric, with a short time-out setting. That way, if one falls into the wrong hands, the data is not easily accessible.

Create layered defenses: While your security department may have robust protection for your network, mobile devices and cloud computing can make boundaries very foggy. It is important to protect data, as well as devices. Do not expect that, because your company has security products, you are protected against everything. Many times lost or stolen devices or login credentials are all criminals need to get into a network. Make sure you have a good quality anti-malware suite, including a firewall, on all devices that you use to access or discuss healthcare information (do not forget Android tablets, Mac computers and Windows machines).
Be sure to keep your security software and malware definitions updated. Any important data should be encrypted both in storage and any time it leaves your machine, such as via e-mail or on devices such as smartphones or USB sticks. Do not discuss patient information on unencrypted channels such as SMS texts.

Update early and often: Regularly updating all software is one of the most important things you can do to minimize the vulnerabilities criminals use to get into your machines. And vendors often provide updates at no cost to you. When you get a notice from your vendor, be sure to go directly to the vendor’s website or a reputable app store to get the update as soon as possible. Some malware will pretend to be a software update warning, so this is an important step. Do not let that nagging update notice go unheeded.

Choose to protect your own device: Having the ability to use a mobile device to check on your work-related information whenever and wherever you are is a huge boon for responsiveness. But it also leads to a host of problems, as those devices are easily misplaced and they are less apt to be protected from malicious access. More and more offices are offering employees the choice of a mobile device, one that IT staff can scan for problematic apps or links, or remotely wipe in case the device is lost or stolen. If you are not offered this, you can still get many of the benefits with free or low-cost apps. Anti-malware scanners on Android devices can help you avoid problematic apps and links, and device-finder apps that can also wipe data from lost devices are available for all smartphone operating systems.

Good security should not make doing your job impossible: With a variety of small changes, the effect on your ability to do work should be negligible. And the effect of maintaining your patients’ trust by protecting their data will certainly make your job easier.

Did you know that medical data on 20,000 people could be exposed to abuse today? According to the U.S. Department of Health and Human Services (HHS), that is the number of people whose protected health information was breached per day on average in 2013. While healthcare practitioners may not realize the value of the data in their care, criminals certainly do. Clinicians and nurses may feel wary of security measures that might slow them down, but there are ways to improve security that will not cost precious moments in an emergency situation. Being lax with security can have a long-lasting impact on all of your patients, not just those with emergencies.

Practice the principle of least privilege: The principle of least privilege simply means that no person, machine or system should have access to things they do not strictly need. For instance: If you use a personal device at work and at home, you can create a separate profile for each location. And if you share that device with other people in either place, you can create a separate guest account that does not have access to your sensitive information.

Obviously credit and debit card information is useful for criminals, and most doctors’ offices and insurance companies accept both forms of payment from patients. But electronic health records may include other information that is useful to criminals as well.

Now What?

The bad news is that breaches are a very real and scary thing. The good news is that there are simple things you can do, as a healthcare practitioner, to protect that important data. Here are a few things that will help you improve your security without impeding your ability to respond to patients quickly.

Watch out for leaky data: Wi-Fi is becoming a fact of life — there are free hotspots available wherever you go these days. But that public Wi-Fi can be an easy way for attackers to eavesdrop and snag your data in transit if it is not properly secured. It is best, if you are using Wi-Fi when you are out and about, to avoid accessing or transmitting sensitive information. If you do need to do so, it is very important to make sure the connection is encrypted. Using a VPN can help you create a private network connection between your own personal devices and work resources. When connecting to the Internet or office network from unfamiliar places, consider using your smartphone’s 4G connectivity or a 4G hotspot instead of sketchy public Wi-Fi.

What Motivates Cyber Criminals?

You may be wondering what data healthcare practitioners have that is all that interesting to criminals. Are people really profiting by stealing records of little Johnny’s ear infection? Not necessarily, though insurance fraud and blackmail certainly do happen. It is less often the specific details of treatment than the treasure trove of information that electronic health records (EHR) contain that can be sold on the black market to perpetrate identity theft and financial fraud. While federal rules and regulations (namely the Health Insurance Portability and Accountability Act of 1996, or HIPAA) exist to help healthcare practitioners protect data, compliance with those rules does not necessarily equate with security.