It has become increasingly clear that cybersecurity is a risk factor in healthcare data. Chronic under-investment in cybersecurity has left so many exposed that they are unable to even detect cyberattacks when they occur.

While attackers may compromise an organization within a matter of seconds or minutes, it often takes many more weeks – if not months – before the breach is detected, damage is contained, and defensive resources are deployed to prevent the same attack from happening again.

Many common threats continue to be problematic in healthcare:

  • Malware and ransomware
  • Cloud threats
  • Misleading websites
  • Phishing attacks
  • Encryption blind spots
  • Employee error

According to, individual healthcare organizations can improve their cybersecurity by implementing the following practices:

  • Establish a security culture (security awareness training)
  • Protect mobile devices (encryption)
  • Maintain good computer habits (firewall, antivirus)
  • Limit network access (software applications)
  • Control access to Protected Health Information (monitoring, auditing users)

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!