Healthcare records are bestsellers on the Dark Web, ranging in price from $250 to over $1,000 per record. The ever-growing profitable market for Protected Health Information (PHI) attracts sophisticated cybercriminals. PHI is preferred by cybercriminals because it’s easy to sell and contains information that is harder to cancel or secure once stolen.

Not only are there HIPAA security requirements (the Security Rule), but implementing security measures may also save the organization from a HIPAA breach.

A few areas in which the organization can address security include:

  • Antivirus on all servers, workstations, laptops
  • Encryption for all portable devices and all emails containing electronic Protected Health Information (ePHI) or sensitive data
  • Updating all computers and devices with the latest software patches
  • Storing ePHI and sensitive data on network drives and not on the local workstations (desktop, downloads, documents, recycle bins)
  • Upgrading all end-of-life devices immediately (Windows XP, 7, servers older than 2008 R2)
  • Installing secure remote connections that utilize AES-256 encryption

Security and compliance are first and foremost in the management of our clients' systems. After we conducted thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of the actions they can take to address these vulnerabilities.

Have a great week!