Notice that we didn’t use the word “if.” It’s the unfortunate reality we live in. The web connects people from around the globe. And for the most part, that’s a good thing. But a certain percentage of people will always misuse it for their own gain. And you have to protect your healthcare company from those cybercriminals, or you’re going to experience some devastating consequences.
You may have heard from some people that storing your data in the cloud, while convenient, may not be secure. But it can be if you take the right steps.
If you want to store data on the cloud, follow these best practices:
1. Encrypt Your Data
This one sounds so basic, but it bears repeating because many organizations continue to ignore it. You should use 256-bit AES to protect all data in the cloud. But remember, that doesn’t protect that data while it’s transmitted from one source to another. For that, you want to use SSL protection.
2. HIPAA Compliance
Believe it or not, many, perhaps even most, healthcare organizations don’t protect patient data as HIPAA outlines. That can cost you fines of up to $1.5 million! Unfortunately, we can’t cover the entire topic here because it’s really an entire series of blog posts. You should at least ask your IT support team, whether outsourced or in-house, if they pay any attention to this. And if you’re not in compliance or have no awareness of its requirements, it’s time to sort things out now.
3. Strong Passwords
Again, this is another simple change. But weak passwords do end up hurting many healthcare organizations.
Your password policy should require:
• Passwords at least 8 characters long
• A combination of letters, numbers, and special characters
• Changes every 30-60 days
Yes, that gets inconvenient for your users because they have to remember different passwords and will definitely forget them from time to time. How should your employees store their passwords safely and securely? They should use a password manager like LastPass. However, they still need to remember their password for that. They should keep the password somewhere on their person (and not on a device they bring to work) – where IT staff or other employees could never find it.
There’s nothing amazing or fancy about security. Whether in the cloud or on your IT network, security all boils down to consistency, discipline, and routine testing. If you do those things, that will take care of your cloud security, and you won’t find yourself making local or national headlines and having to explain to thousands of patients how you lost their private data.