Highlights from HHS' Cybersecurity Newsletter and What it Means for Your Healthcare Org

Published in Member Communities on November 13, 2018

Did you know that the U.S. Department of Health & Human Services publishes regular cybersecurity newsletters for the healthcare industry? If you’re new or missed the last quarter’s newsletters, we are here to get you caught up on the latest security precautions and threats to your healthcare organization.

Key Takeaways:

Software Vulnerabilities and Patching

Software runs computers and all electronic devices, including medical ones that your organization relies on every day. Unfortunately, mistakes in the software happen throughout its life. This can pose a security threat, also known a bug, which hackers recognize as an easy target. It gives them easier access into protected health information if the vulnerability is not remedied by patching. This serves as a great reminder to do your due diligence by making sure the appropriate patching is completed on a continual basis.

Disposing of Electronic Devices and Media

The life of security devices is short, so you are likely replacing them every three to five years. It is essential that organizations understand the threat that is posed if electronics and media are not disposed of properly. Spending time and money to take the necessary measures will save organizations hundreds of thousands of dollars in the long run, should cybercriminals get their hands on PHI (Protected Health Information). It is something that may make your business unrecoverable. Do you have a robust disposal plan in place?

Securing Electronic Media and Devices

With the increasing mobility of technological devices, maintaining security of sensitive information can be challenging. Laptops, hard drives, memory cards and tablets are likely pivotal for your organization’s development. It is important to revisit your security procedures in relation to electronic media and devices. If physical access to any of these devices is not restricted, it is time to reevaluate how you protect patients.

Your Next Steps:

Software Vulnerabilities and Patching

Now that you know how important patching the bugs in your software is, you may be wondering how to ensure you are doing it correctly. After you have had a risk analysis performed on your software, it is important to have an expert in patching handle your software. The reasons for this are twofold.

First, you want to make sure they are patching every threat to security. Second, they must be able to fix data instabilities as a result of patching. Changing the code of your software may cause it to run slower than it had previously. An expert in the field will be able to minimize unwanted consequences after they run through the proper series of patching steps. (Evaluation, Approval, Deployment, Verification and Testing).

Disposing of Electronic Devices and Media

It is time to make or renew your procedure for replacing devices. Each device needs to be completely cleaned before disposal, which means removing any and all information before recycling or disposing of the item. To double check it has been done correctly, have a security professional do a clean sweep. Be sure to keep a record of all devices that have been eliminated and the dates they were removed.

Securing Electronic Media and Devices

The size of your organization impacts your storage procedures. If you do not have many devices, you may be able to physically safeguard media. However, an added layer of security for small and large organizations is to invest in management software that tracks all devices and their security measures in place. If you have a risk analysis performed, you will learn the best way to do so for your unique organization and budget. The management software is able to identify security breaches and assist you in managing any breach before it becomes a widespread threat to all devices.

We are happy to expand and answer any questions you may have related to these top topics in security right now. Reach out to learn more about a risk analysis for your healthcare organization.

comments powered by Disqus

From Our Experts

6 Ways to Make CPAP Repair Less Painful thumbnail 6 Ways to Make CPAP Repair Less Painful In this episode, we visit with Ronda Buhrmester, Sr. Director of Payer Relations & Reimbursement for VGM & Associates, and Dan Meyer, Chief Revenue Officer for Repair Authority, about providers' most pressing questions about CPAP repair and how Repair Authority has the solutions providers are looking for. Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing thumbnail Jurisdictions B and C: Claim Payment Alert 151 MUE Incorrect Processing CGS Administrators recently sent out a news alert for Jurisdictions B and C. They aware of a claim payment issue in which some claims may have applied Medically Unlikely Edit (MUE) values incorrectly on the dates September 23, 2020 and September 24, 2020 only. Claims may have paid or denied in error as a result. CGS is correcting this issue and has indicated that it is a number 1 priority with them.  For more information, watch Ronda's vlog. HME - Past, Present & Future:  State of the Industry/Benchmarking Update thumbnail HME - Past, Present & Future: State of the Industry/Benchmarking Update I was honored to recently present at the 2020 HME News Business Summit, which was held Sept. 15-17, and, due to COVID-19, in a first-time “virtual” format. My session included a series of data, trends and analysis as to the state of the industry from 2010 to the present, and included financial and operational highlights from supplier submissions applicable to their 2019 results. Here is a summary of the presentation. Helping Your Employees Rebuild and Find Happiness thumbnail Helping Your Employees Rebuild and Find Happiness Every employee has a different set of circumstances coming at them, especially so far in 2020. While taking care of our employees, we still have businesses to run. To be successful, the best leaders will start with their employees. How do you help your employees to rebuild themselves and also find happiness? DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment thumbnail DMEPOS Warriors: Michael Tracey with Aspirus At Home Medical Equipment VGM & Associates always enjoys highlighting our members who are a shining example of excellence in DME. The current business environment can be difficult to navigate and generating revenue can sometimes be a challenge. However, Michael Tracey shares with us how he helped lead Aspirus At Home Medical Equipment to success and provides tips for how Aspirus generates revenue. 10 Ways to Keep Your Employees Engaged During a Pandemic thumbnail 10 Ways to Keep Your Employees Engaged During a Pandemic In this episode, we sit down with Arienne Martinez, director of training and development for HOMELINK, a division of the VGM Group. Arienne chats with us about her recent article that was featured in the latest VGM playbook, “Protecting Your Most Important Asset: Your People,” about keeping your employees engaged during the pandemic, especially with much of the workforce working remote. Medtrade 2020 in Atlanta Now a Virtual Conference thumbnail Medtrade 2020 in Atlanta Now a Virtual Conference Medtrade 2020 in Atlanta recently announced that their in-person event has been canceled. They will be hosting a virtual conference in its place, November 4-5, 2020. Post-Pandemic: The Rise of Post-Acute Care, Key Panel Takeaways thumbnail Post-Pandemic: The Rise of Post-Acute Care, Key Panel Takeaways Clint Geffert recently moderated a panel for the HME News Business Summit with the industry's largest players that discussed the role HME providers played in keeping patients with milder cases of COVID-19 in their homes and acting as the pressure-release valve for overwhelmed hospitals. The panelists did such a nice job answering these questions (and more), Clint shares the key points that he took away from the session.