Jeffrey I. Ziplow, MBA, CISA, CGEIT

A decade ago the medical world was upended by the push to eliminate paper medical records and use only computerized records. The Digital Age has brought medical records online for easier access and much more streamlined patient tracking; it has been a truly “disruptive innovation” for the entire medical industry, and most agree that the benefits of having these vital records stored electronically have brought improvements to the system.

Unfortunately there is a downside—security threats from cyberattacks and those who seek to steal vital, protected information. This is a problem that is not at all unique to the health care industry, but in this particular case, medical practitioners can find themselves incredibly vulnerable and in harm’s way if the proper precautions aren’t taken to protect them.

Think about what is at risk. There are few things more deeply personal than individual medical records. This information includes medical histories of patients, often dating back for most (if not all) of a person’s life and containing everything from medical conditions to medications to private insurance information. When this kind of information gets into the wrong hands it can be disastrous, causing chaos and panic for patients and medical professionals, not to mention resulting in HIPAA and state compliance violations.

This is the risk of living in a world of instant information and worldwide digital access. Every day there are hundreds of attempts to breach information and gain access to protected personal information. There is no way to stop people from trying to cause harm, but there are ways to be prepared.

Regular Security Risk Analysis—It all begins with readiness. A strategic assessment of IT equipment, of all security measures and of exactly what information is being stored on servers or in the Cloud—and what needs to be protected—is the perfect starting point for sealing off medical records from outside hackers. This is fundamental to securing information for any business environment, but imperative for electronic medical records.

Workforce Awareness—There needs to be a cultural change in all medical offices involving awareness of these threats. Sadly, many security breaches occur as a result of unintentional carelessness by employees—such as responding to a phishing email, leaving laptops or tablets unattended or not being diligent in regularly changing security codes and passwords. Employee training and education must include intensive efforts to increase awareness of cyberattacks and knowledge of the simple steps people can take to mitigate risk.

Simulating “Hacking Drills”—As with any crisis prevention strategy, simulations of certain disasters can be very helpful in testing existing security measures and learning where improvements are needed. Offices and hospitals that run drills and put themselves through artificial crisis scenarios can be much better off than those who don’t. As such, a “controlled” penetration test and/or phishing attack could help identify holes in security practices and protocols.

Encryption—This is a procedure that, in the event that some outside criminal does in fact breach a medical office’s security walls, renders the information kept inside of them unreadable and useless. Encryption is essential in keeping hackers from electronic medical records, and one of the most valuable tools in the cybersecurity toolbox.

Electronic medical records are an innovation that has greatly helped the overall medical industry, and both patients and medical practitioners have benefited from improved access. But with this improved access comes an urgent need to protect it. Medical professionals who take the appropriate steps now to ensure the cybersecurity of medical records will find themselves on much safer ground moving forward.

How BlumShapiro's Cybersecurity Team Can Help:

Could your organization be vulnerable to a cyberattack? What is your current exposure? How would your business continue to function in the event of a breach? Our cybersecurity experts can help you address the vulnerabilities and risks your organization faces from cybersecurity threats. Remember, the costs of developing a security strategy you feel confident about are minor compared to the potential financial and reputational risk if an attack or breach occurs.

Advisors | Auditors | Consultants | CPAs – BlumShapiro is one of the premier consulting firms in New England and a Top 100 CPA Firm in the U.S. Our professionals serve companies in Boston (MA), Hartford (CT), Cranston (RI), Shelton (CT) and Quincy (MA) with technology consulting, business valuations, litigation support, project management, process & controls and bankruptcy consulting services. We are an Intacct Partner offering accounting software including Cloud ERP solutions.