Mom & Dad were right…
About so many things, really. But do we listen?
We all learned from someone, whatever your experience of your parental units was. Blood-related or not. Many of the things they said went in one ear, and out the other. Mostly because they said those things over and over again. When we were young, we didn’t understand how important those nuggets of parental wisdom were.
Each day, I go through my Twitter feed, looking at issues and trends. It struck me how some of that parental advice can apply to healthcare information security. Here are three:
Cleaning your room means that you should put everything where it belongs when you aren’t using it. Clothing should be hung, folded neatly in drawers, or in the hamper if dirty. Toys put in the toy box. And books put back on the bookshelf.
Keeping your “HIT room” clean should be treated the same way. Consider basic password security. Your passwords are your digital fingerprints. You are responsible for when your password is used to access Protected Health Information (PHI). Whether you used the password, or not. Never leave your password where someone other than you can see, or find it. If someone uses your password to look at PHI, that you shouldn’t be looking at, you will be at fault.
Choosing passwords you can remember is becoming more and more difficult. Especially with password requirements becoming increasingly complex. A sticky note is a BAD password storage choice. An option is a digital password manager app, on your smart device. There are many out there to choose. Check out a few, to see which meet your, and your organization’s security needs.
Turn the light off when you leave the room
Your technology is always evolving. You are always looking for the best tool to use. When old web pages become obsolete, or you no longer use web plugins – get rid of them. They can be vulnerabilities caused by unused code.
Becker’s Health IT & CIO Review reported on a California health system that had a data breach of 9k patient records. This breach was a result of an unused website being hacked. They caught it quickly, set up a call center for patient questions, and offered free credit monitoring for one year. They did the right thing to fix the problem, but it cost them. Costs for data breaches can be in the millions of dollars, including both fines and corrective actions.
Don’t take candy from strangers
When you were little, Mom & Dad told you not to talk to, or take candy from, strangers. Not all strangers are bad. But all it takes is one bad guy to hurt you. And when you are hurt or kidnaped, your entire family is devastated. Imagine your entire EHR and all of your PHI being kidnaped.
Email from unknown senders, especially with attachments, is just like talking to strangers and taking candy from them. Most are harmless. But all it takes is one infected email to kidnap a health system’s EHR with Ransomware. You can help prevent this by not opening emails from unknown sources, and not opening attachments that don’t have to do with your job.
“How many times do I have to tell you?”
Ever hear that one? Yep, me too. And really, the answer is pretty simple. Sometimes we just need to be told often enough, that we remember when we are alone and dealing with security. Protecting passwords, getting rid of digital back doors, and not opening email attachments from unknown sources seem simple enough.
They are simple to do, and simple to forget to do, too. That’s why we need to remind ourselves, even our entire organization, daily.
OK, now remember what I told you, and get out there and play.