Cybersecurity is everyone's responsibility. In this article, we share a few tips to help better protect you, your ASC, and your patients from malicious cyberattacks.
October is Cybersecurity Awareness Month, and it serves as a good reminder that while we all need to be vigilant, health care providers are even more at risk as they are being specifically targeted by cybercriminals.
From a cybercriminal’s point of view, healthcare providers are a high-reward target due to a “perfect storm” of variables: high-stakes work; the potential for widespread security vulnerabilities; and an increased willingness to pay demands to unlock data. In just the first five months of 2021, the U.S. healthcare sector saw 48 targeted ransomware incidents. It is important to note that this figure represents only those identified and reported, and a single incident can impact numerous facilities.
To help better protect yourself and your ASC, we are sharing two sets of tips in this post: one geared towards the role ASC Administrators hold in cybersecurity, and a second set containing good reminders for all ASC personnel. Both are intended to help promote awareness during Cybersecurity Awareness Month of steps you can take to protect your ASC.
Security Tips for ASC Administrators
Let's begin by reviewing three key security tips for surgery center administrators.
1. Set strict access controls
Access control refers to the policies and procedures an ASC employs to regulate who or what can view or use resources in the organization, both physical (e.g., medical records rooms, inventory, servers) and digital (e.g., computer networks, system files).
You can tighten your ASC’s access control by adopting practices such as complex password requirements, mandatory password reset cycles, and multi-factor authentication (MFA). An additional method of protection is to implement "least privilege access." This is the practice of restricting each user's access to only those resources necessary to perform their job responsibilities. For example, one of your ASC’s clinical employees may not be able to access coding or billing information.
2. Consider implementing cloud-based ASC software
With on-premise client/server software architecture configurations, the ASC often bears the responsibility for security, data backups, server networks, and hardware, and centers often lack the people or monetary resources to adequately keep ahead of emerging cyber threats.
Surgery centers that use cloud-based solutions, such as SIS Complete, are able to hand over much of the heavy lift of software security and other management responsibilities. The vendor partner can then provide advanced processes and technologies to monitor and respond to cyber risks, as well as implement proactive solutions that can help thwart efforts by cybercriminals.
Hesitant about moving to the cloud or just looking for a deeper understanding of its benefits? We invite you to register for our upcoming panel, “Cloud Computing for ASCs,” on October 20 from 3-4 PM ET. You can register here.
3. Educate and train your team
You can have top-of-the-line security systems in place at your ASC, but your organization’s data is still only as secure as the people accessing it. Education and training are critical to protecting your ASC’s IT systems because users are typically the weakest link in the IT security chain.
It’s important to develop and deliver comprehensive, ongoing security training for every employee and physician at the ASC. There are many companies that provide security training technology and programs, including some with programs specifically designed for healthcare providers that include anti-phishing, simulated attacks, and interactive security awareness training.
Security Tips for ASC Staff
A significant part of cybersecurity awareness is stressing the role that individuals play in protecting their organization’s data. Share these seven tips with your staff to encourage personal accountability and to help decrease your ASC's cybersecurity risks.
1. Think before you click
Since the COVID pandemic began, cybercriminals have increasingly taken advantage of remote workers and organizations.
Slow down. Be wary of emails, text messages, or chat boxes that seem suspicious. Do not open attachments from any email you are not expecting. Learn the warning signs of dangerous phishing and social engineering attempts.
2. Lock down your login
Strengthen your system password requirements. Encourage or require the use of long and unique passphrases for all accounts. Never ever re-use passwords across systems and applications.
3. Connect to a secure network when accessing any work accounts
If working remotely, home routers should be kept up to date with the most current software and secured with a lengthy, unique passphrase. Employees should not be connecting to public Wi-Fi from corporate-issued devices.
Note: Be aware of the differences as well as the risks and benefits of using public and private Wi-Fi connections.
4. Prioritize secure storage of devices
In addition, set devices to auto-logout if you step away from the device for an extended period. Don’t forget to lock a device or workstation if you step away.
5. Limit access to devices you use for work
Only the approved user should use the device. Family and friends should not use a work-issued device.
6. Use company-approved/vetted devices and applications
Use only approved tools that have been vetted by your company’s security and IT teams. Do not substitute those with personal or preferred tools when collaborating on or completing tasks.
7. Keep your software updated
For all your devices, such as phones, tablets, and other network-connected devices, ensure your IT team keeps them current with the manufacturers’ latest security releases to better protect your data and the ASC.
Following cybersecurity best practices takes time, but doing so is worth it to help ensure that you, your ASC, and your patients are protected from malicious cyberattacks that can jeopardize your business, your reputation, and protected health information.
About Cybersecurity Awareness Month
Now in its 18th year, Cybersecurity Awareness Month, formerly known as National Cybersecurity Awareness Month, is an annual collaborative effort between government and industry that works to increase the understanding of cyber threats and empower the American public to be safer and more secure online.
For more information on Cybersecurity Awareness Month, visit the Cybersecurity & Infrastructure Security Agency (CISA) and the National Cyber Security Alliance (NCSA).
ASC Cloud Computing Roundtable
Learn more about how to protect your ASC. Please join Dr. Paul Alcock, director of information security, and Bobby Roberts, senior vice president of development for SIS, on October 20 from 3-4 PM ET for an in-depth conversation around what it means for ASCs to be “in the cloud.” If you can’t attend the live program, please register and we will notify you when the recording is available. To register, click here!