Highlights from HHS' Cybersecurity Newsletter and What it Means for Your Healthcare Org

Published in Member Communities on November 13, 2018

Did you know that the U.S. Department of Health & Human Services publishes regular cybersecurity newsletters for the healthcare industry? If you’re new or missed the last quarter’s newsletters, we are here to get you caught up on the latest security precautions and threats to your healthcare organization.

Key Takeaways:

Software Vulnerabilities and Patching

Software runs computers and all electronic devices, including medical ones that your organization relies on every day. Unfortunately, mistakes in the software happen throughout its life. This can pose a security threat, also known a bug, which hackers recognize as an easy target. It gives them easier access into protected health information if the vulnerability is not remedied by patching. This serves as a great reminder to do your due diligence by making sure the appropriate patching is completed on a continual basis.

Disposing of Electronic Devices and Media

The life of security devices is short, so you are likely replacing them every three to five years. It is essential that organizations understand the threat that is posed if electronics and media are not disposed of properly. Spending time and money to take the necessary measures will save organizations hundreds of thousands of dollars in the long run, should cybercriminals get their hands on PHI (Protected Health Information). It is something that may make your business unrecoverable. Do you have a robust disposal plan in place?

Securing Electronic Media and Devices

With the increasing mobility of technological devices, maintaining security of sensitive information can be challenging. Laptops, hard drives, memory cards and tablets are likely pivotal for your organization’s development. It is important to revisit your security procedures in relation to electronic media and devices. If physical access to any of these devices is not restricted, it is time to reevaluate how you protect patients.


Your Next Steps:

Software Vulnerabilities and Patching

Now that you know how important patching the bugs in your software is, you may be wondering how to ensure you are doing it correctly. After you have had a risk analysis performed on your software, it is important to have an expert in patching handle your software. The reasons for this are twofold.

First, you want to make sure they are patching every threat to security. Second, they must be able to fix data instabilities as a result of patching. Changing the code of your software may cause it to run slower than it had previously. An expert in the field will be able to minimize unwanted consequences after they run through the proper series of patching steps. (Evaluation, Approval, Deployment, Verification and Testing).

Disposing of Electronic Devices and Media

It is time to make or renew your procedure for replacing devices. Each device needs to be completely cleaned before disposal, which means removing any and all information before recycling or disposing of the item. To double check it has been done correctly, have a security professional do a clean sweep. Be sure to keep a record of all devices that have been eliminated and the dates they were removed.

Securing Electronic Media and Devices

The size of your organization impacts your storage procedures. If you do not have many devices, you may be able to physically safeguard media. However, an added layer of security for small and large organizations is to invest in management software that tracks all devices and their security measures in place. If you have a risk analysis performed, you will learn the best way to do so for your unique organization and budget. The management software is able to identify security breaches and assist you in managing any breach before it becomes a widespread threat to all devices.

We are happy to expand and answer any questions you may have related to these top topics in security right now. Reach out to learn more about a risk analysis for your healthcare organization.


comments powered by Disqus

From Our Experts

Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN thumbnail Understanding Enrollment Status, Assigned vs. Non-Assigned, and the ABN A major part of business development is understanding your payer mix and which products and services should be reimbursable versus cash sale items. What could you bundle together in your offering to expand business—specifically items that can be sold for retail alongside your reimbursable items? You might not necessarily offer everything right now, but these are the areas you can look to expand into. This resource outlines how to navigate reimbursement to help grow your business. U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience thumbnail U.S. Rehab Tech Training at Heartland Addresses All Levels of Experience Complex rehab providers attending VGM's 20th Heartland Conference will have the opportunity to increase their expertise in repairing and programming complex rehab wheelchairs as part of U.S. Rehab's Tech Training. VGM & Associates Releases Customer-Centric Playbook thumbnail VGM & Associates Releases Customer-Centric Playbook VGM & Associates has released the third installment of their 2021 quarterly playbook series, which contains insight and best practices for making your business customer-centric. Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow thumbnail Heartland Session Sneak Peek: Procurement, Inventory Management & Cash Flow Get great advice and more during the Heartland Conference Panel: Procurement, Inventory Management & Cash Flow moderated by Gerry Finazzo. During this session, attendees will learn how to identify ways to improve purchasing practices, mitigate inventory liability, identify ways to increase cash flow and lower activity costs. An Inside Look with Clint, Episode 8: VGM Government thumbnail An Inside Look with Clint, Episode 8: VGM Government President of VGM & Associates, Clint Geffert, sat down with John Gallagher, vice president of VGM Government, to discuss how VGM Government helps VGM members navigate the complexities of the legislative process and the importance of grassroots advocacy in the HME industry. Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC thumbnail Member Spotlight: Shelly Hoover, President and Co-Founder, and David Hoover, CEO and Co-Owner of Vets First DME, LLC Vets First DME began at the intersection of preparation and opportunity, with a dash of circumstance. Read more about the amazing Hoover family as they combined the family's knowledge and experience to start Vets First DME, LLC. CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories thumbnail CMS Announces 90-Day Extension For CRT Manual Wheelchair Accessories CMS announced a 90-day extension of the suspension of the application of Medicare Competitive Bidding Program pricing to CRT manual wheelchair accessories. The current policy will stay in place through October 1 and there will not be any payment cuts or claims processing changes. Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! thumbnail Don't Allow Medicare Advantage Plans and MCOs Take Advantage of YOU! The HME supplier has always had challenges in getting paid timely and accurately for the items and services they provide to their customers. This is an assumed cost of doing business but the HME supplier still does this because of the reward of taking care of their customers. But nothing has challenged the supplier as much as when a customer has a Medicare Advantage Plan or an MCO.