Follow Rob Linkedin Facebook
Email Rob Email
Financial
Sep 29, 2021

Writing a Prescription for Cybersecurity

Sponsored Content provided by Rob Duggan - Director of Technology Risk Advisory Services , Earney & Company

Hacking, ransomware and other cybercrimes can seem like threats to only large medical practices and hospitals until you eyeball a U.S. Department of Health and Human Services report on breaches of protected health information.
 
In North Carolina, recent breaches of email, network servers and electronic medical records occurred at a range of large and small facilities – university medical centers, surgical practices, labs, skin centers and dentists’ offices.
 
Cybercrime trends reported by the North Carolina Department of Justice show information security breaches are expected to double this year from the 1,644 cases reported in 2020. And these figures are only a fraction of actual breaches – many are not reported due to legal liability and reputation concerns. 
 
One aspect of cybersecurity that medical practices and other businesses often fail to understand is that cloud technology providers – firms that many businesses trust to help protect them from online threats – are often victims of cybercrimes themselves and their software is used to infect their clients’ systems.
 
So how can a medical facility best protect itself?
 
Click here for a white paper on this topic, but see below to get started. These recommendations may sound a little familiar to medical professionals?...
 

  1. Get an annual physical — A qualified cybersecurity firm that specializes in healthcare compliance can assess your systems and ensure quick information recovery and limit expenses if a breach occurs. This assessment should be done by a firm other than your IT provider to ensure it’s an independent assessment.
     
  2. Check your vitals — Review the security of your vendors and your agreements with them, particularly those handling electronic medical records. Failure to document the understanding of vendor security controls and “justifiable reliance” could result in being held liable in the event of a vendor breach of your patient records. 
     
  3. Run advanced diagnostic tests — The cyber threat environment has changed dramatically in the past five years. A firewall and antivirus software are no longer enough to protect your network.  You should use additional security applications such as Endpoint and Network Detection & Response to monitor network traffic, computer and user activity to quickly detect anything suspicious. 
     
  4. Educate on prevention — Your team should be aware of threats and how to avoid them. Set up recurring cybersecurity awareness training and simulated phishing campaigns (low cost applications available) to make sure employees know not to click on anything coming from outside the practice unless they are familiar with the sender’s address.
     
  5. Keep excellent records — It is critical that your data is backed up regularly, including point-in-time recoverable and secure full backups.  In the event of a successful ransomware attack, the point-in-time recovery ability can enable the practice to roll back systems to a date prior to infection for minimal business interruption.
     
  6. Have the right insurance coverage— You should have a separate cyber insurance policy to cover fines, legal costs, data recovery and other possible exposure. A rider on your general liability policy is not enough. It’s also important to know that cyber insurance is not a substitute for security measures. In fact, if proper controls aren’t in a place that the insurance policy requires, it is unlikely to payout. These checklists can be exhaustive, and the best way to ensure compliance with them is an independent assessment of your controls by a qualified and experienced cybersecurity and compliance professional.

 
Rob Duggan, CPA, CIA, CISA, CHC, CISSP leads Technology Risk Advisory Services for Earney & Company. He is a graduate of NC State and has over 20 years of information security and privacy experience. Rob has developed the information security audit function for top firms and Fortune 1000 companies and has worked in over 25 countries during his career. Rob served national healthcare organizations as Internal Audit and Compliance Officer for 7 years prior to returning to Coastal Carolina to build a practice in Wilmington in 2019. Rob most enjoys helping organizations stay protected with cybersecurity as well as business process improvement work. Rob is a Certified Public Accountant, Certified Internal Auditor, Certified Information Systems Auditor, Certified Information Systems Security Professional, and holds a Certificate in Healthcare Compliance. Rob is a frequent speaker on cybersecurity nationally & within the Wilmington professional community and serves on the Board of Advisors for UNCW’s Center for Cyber Defense Education.
 
 

E&cocolorlargelogo
Ico insights

INSIGHTS

SPONSORS' CONTENT
Screenshot2022 01 06at338 162234623

Inclusive Connections - Transforming our Community With One Mind

Girard Newkirk - Genesis Block
Mc2 56882

Landing Whales Requires A Larger Ocean With More Food

Scott Byers - Majestic Kitchen & Bath Creations
Headshotrosaliecalarco 1182131047

AARP Launches Online Resource Center to Help Protect Veterans Against Rising Fraud Free Resources Identify Top Scams Facing NC’s Military Community and Ways to Fight Back

Trending News

Holly Childs Resigns As WDI Head

Vicky Janowski - May 26, 2022

Aswani Volety Named New UNCW Chancellor

Johanna Cano and Johanna Still - May 26, 2022

Wilmington-based Realty Group Announces Changes

Cece Nunn - May 27, 2022

Firm To Convert Offices To Warehouse Space After $6M Purchase

Cece Nunn - May 27, 2022

WilmingtonBiz Talk Previewing Summer Tourism Season

Vicky Janowski - May 26, 2022

In The Current Issue

Owners Taking Fermental To New Level

Fermental is one of Wilmington’s more unique watering holes – a bit quirky, but home to many loyal patrons who appreciate its laid-back atmo...


MADE: Making A Cut In Custom Woodworking

A staple in the community for about three decades, the Wilmington custom woodworking shop also features a retail component – a unique featur...


Local Startups Aim To Innovate

Innovation helps set a startup apart from the competition, said Heather McWhorter, regional director of the UNCW Small Business & Technology...

Book On Business

The 2022 WilmingtonBiz: Book on Business is an annual publication showcasing the Wilmington region as a center of business.

Order Your Copy Today!


Galleries

Videos

Trying to Grow a Business?
2020 Health Care Heroes
2020 WilmingtonBiz 100