DOING BUSINESS
Ban the Breaches
Keep your ASC safe from hacking
BY JIM TUFTS
Health care organizations worldwide are up against an evolving problem: information technology (IT) security risk. With a wealth of digitized personal information, these organizations are enticing targets for malicious hackers. With so many endpoints in use, it is easy to see the scope of the danger.
Since 2009, one-third of Americans have been victims of a health care company breach, according to a March 20, 2015, online article in The Washington Post. The requirement for health care information security is clear. It is time to raise the bar.
Adopt these 10 tactics in your ASC to increase the security around your information and systems.
1. Defend the Perimeter
Protecting your perimeter is the starting point for IT security, and having the latest Tier 1 firewall is essential. The latest firewall from second-tier vendors might be okay for a small office, but not for an enterprise IT operation with electronic protected health information (ePHI) at risk. Your firewall needs to do more today. At the end of March 2016, 93 percent of phishing emails contained encryption ransomware, according to a June 4, 2016, online article on PhishMe. With the rapid evolution of IT security threats, like ransomware and advanced malware, you need proactive protection and prevention.
2. Defend Your Endpoints
You can’t prevent every single breach. If something does get in, you must have defenses in place to protect your team. Endpoint defense is twofold: Tier 1 antivirus systems and advanced malware protection. Antivirus systems need to know what to look for. Not all antivirus systems are created equal, so reconfigure your system to take advantage of the right feature(s), such as allowing for USB controls and enabling device lockouts. Advanced malware protection guards your endpoints against the more sophisticated threats, like ransomware.
3. Educate Your Team
Training cannot be a once-and-done deal; it must be continual. You can have all the systems in place, but if someone gets an email that contains a virus and clicks on the attachment, your systems might be easily breached. Education is the biggest key to protecting your health care IT systems because users are the weakest link in the IT security chain. Train your team to watch out for emails or sites that might seem credible but contain pages, logos or links that have been manipulated. Here are a few suggestions on how to share information and education that will get your teams and clinicians to pay attention.
1. Run a phishing test to see who clicks on malicious links or opens attachments, then share the actual risk that would be involved if it were a real email containing a virus. Approximately 70 percent of staff typically follow the phishing link in our Information Security Audit tests, so it is a very important piece to train employees on. Consider giving out a small prize to those who actually come and confess that they clicked on the link or opened the attachment. Creating trust that encourages information sharing when a mistake is made is important.
2. Add a cyber security tip column to your internal newsletter or communications.
3. Get your management team on board to create a video—you might want to consider a silly or fun video—letting your staff know about a cyber security tip.
4. Create cybersecurity training quizzes and recognize the folks who receive 100 percent on the quizzes.
5. Persuade your governing body to invest in cyber security by presenting them with the real repercussion cost scenarios. The Health Insurance Portability and Accountability Act (HIPAA) fines for health care facilities can total hundreds of thousands of dollars, sometimes millions. Ransomware has cost health care organizations additional thousands of dollars to get their data back. A larger cost to consider today is the number of facilities that have literally been shut down for weeks because they cannot access their electronic health record (EHR) due to a ransomware attack.
6. Frequently change passwords. The frequency with which users should change passwords is often debated. There are really two options to consider with changing passwords. Some recommend that passwords be changed as often as 30, 60 or 90 days. However, this security measure is counteracted when users write down the passwords or simply add a digit, making it easy to hack. We recommend you commu-
The advice and opinions expressed in this column are those of the author and do not represent official Ambulatory Surgery Center Association policy or opinion. A similar version of this column was published on ICE Technologies Inc.’s web site.
18 ASC FOCUS NOVEMBER/DECEMBER 2016