
Patient Information Security: Where Do You Stand?

by CompuTech City Admin Wednesday, 21 November 2018 CompuTech City Blog

Your patients depend on you as their medical provider to keep their data safe, and federal regulations require it. We know you already know that. We also know you want to do everything in your power to prevent personal health information from falling into the wrong hands. But, if you’re like many physicians or practice managers, you’re probably just not aware of where your cybersecurity stands.

Most likely, you have anti-virus but aren’t certain you have firewalls, advanced endpoint protection, email filtering or the many other cybersecurity enhancements now available. Worse than being unaware is being unconcerned because you believe what you do have in place is sufficient to protect your patients.

Hackers’ methods evolve daily. So do defenses against them. You can’t “set and forget” your cybersecurity measures.

If you’re relying on anti-virus or any one solution alone to prevent a cyberattack, you’re leaving wide gaps in your cybersecurity that hackers will be more than happy to exploit to access your patients’ files.

To have the confidence of your patients, your practice should have a cybersecurity strategy called “defense-in-depth.” That means you have multiple layers of security solutions a hacker would have to overcome to access your patients’ data. These solutions don’t have to be very costly; they just need to be implemented strategically.

To prevent hackers from exploiting those holes in your defenses, you should regularly – at the very least annually – review your cybersecurity strategy, practices and solutions.

3 areas to review for upgrades include:

1. Your cybersecurity strategy. You need to implement an enhanced, defense-in-depth security strategy. If you’re unsure how to develop or update one, contact an IT managed service provider for help.

2. Cybersecurity awareness training. The foundation of any good cybersecurity strategy is informed and security-conscious employees. Again, at least yearly, you should be updating and providing cybersecurity awareness training to your staff. The time it takes out of their day will be far less than that taken out by a successful cyberattack.

3. Physical access to your workstations, servers and other devices. Check the physical security features of where your hardware lives, usually in your office. Make sure unauthorized personnel cannot enter areas where your servers and data are stored. If your data is stored in the cloud, much of this worry is lessened, but it’s always a good practice. Your IT managed service provider (MSP) can help you accomplish this if they aren’t already on top of it.

To elaborate on defense-in-depth, we provide a few more cybersecurity solutions to consider to enhance your practice’s information security.


Cybersecurity solutions aren’t limited to firewalls and anti-virus anymore. More important, firewalls and anti-virus are no longer enough to protect your patients’ data. To layer your cybersecurity, you should consider:

1. Advanced endpoint protection. Traditional anti-virus relies on security vendors finding a virus or other malware, assigning it a signature and then pushing it out to its users. Advanced endpoint protection, however, takes a proactive approach by using behavioral clues to prevent attacks. If it detects unusual activity, it stops the activity and reports it to your IT department or MSP.

2. Email and web filtering. You can’t rely on your computer’s spam folder to catch every phishing email. Many such emails now look as professional as those sent by well-known software giants. Email and web filtering solutions can help prevent your employees from dealing with infected emails or possibly visiting malicious sites requesting personal or company information.

3. Back-up and disaster recovery. Back-up and disaster recovery solutions secure you against both hackers and other disasters – manmade or natural. Redundant, geographically dispersed backups of your data will let you recover any data lost in a ransomware attack, fire or hurricane.

4. Cloud-based services. In conjunction with all of the above, cloud-based cybersecurity software as a service (SaaS) solutions and data storage should be at the top of your list of considerations for protecting your data. Cloud-based solutions can allow your practice to continue working after a cyberattack or disaster while on-premises equipment is remediated.

Layered cybersecurity defenses provide multiple barriers of protection between hackers and your patients’ personal data.

These tips should help strengthen your practice’s cybersecurity.

Getting help securing your practice is far less expensive than getting help after a successful cyberattack. As the only medical-focused IT managed service provider in Central Florida, we have 16 years of experience you can draw on to improve your practice’s security.

CompuTech City wrote the book on keeping your patients’ data secure. Literally. Get your free copy and then ask us to review your cybersecurity infrastructure and offer suggestions for improvements.
