12 Best Practice Tips to Keep Health IT Environments Secure

What are the best practices to keep health IT environments secure?

On an individual basis, there are many steps healthcare institutions should take to protect themselves from cyber threats. In our technological age, data is only increasing in value, and the big red target painted on healthcare organizations necessitates those institutions be proactive regarding the security of their IT environments. Here are some basic things organizations can do to increase security:

  1. Change passwords quarterly and require a high level of complexity.

  2. Always install updates and patches from Microsoft and Apple for your appliances.

  3. Retire legacy machines and outdated technology.

  4. Remove dormant users.

  5. Separate public and private networks.

  6. Set up Active Directory for centralized user management.

  7. Enforce mobile security with mobile device management.

  8. Adopt multi-factor authentication (e.g., Duo).

  9. At a minimum, abide by the HIPAA guidelines.

  10. Ensure all users have individual accounts.

  11. Structure user accounts with restrictions and hierarchies for classified information. (Janitors, receptionists, and clinicians shouldn’t all have the same level of clearance to access information.)

  12. Finally, back up, back up, back up! In this day and age, it is critical to have a tested backup separate from your network to ensure data integrity, confidentiality, and availability. These backups should be regularly updated and saved either on a secure cloud system or on a closed server, which is left disconnected from the internet when not in use.

    In case of a disaster (e.g., a weather-induced power outage or a cyber-attack), institutions must have a plan B. Whether they like it or not, healthcare institutions are in the line of fire and need to evolve to combat the increasing threat to their sensitive information and take real action to ensure the security of their health IT environments. The damage incurred after a breach varies widely on a case-by-case basis, but the potential financial costs, incurred fines, negative media coverage, and loss in consumer confidence leave enough at stake that healthcare institutions need to start focusing on preventative measures, not remediation.
