Question: Our practice hasn’t updated its computers in a few years and we have had a few viruses in our system, which makes us worry about viruses that could compromise our protected health information. Are the old computers to blame?
Codify Subscriber
Answer: The issue is probably not your old computers, but instead old software. Many viruses and ransomware attacks are aimed at practices that haven’t updated their software — and not keeping up with the latest software patch ended up being a liability.
Consider this: The first step in healthcare security is following trends and engaging certified IT staff who know how to keep your practice in the tech loop. Here are a few pointers that will discourage a ransomware takeover of your servers:
- Update your software when it prompts you to instead of letting it lag behind. Cyber criminals will try to sneak in when your guard or programs are down.
- Back up your files to an external hard drive.
- Take advantage of cloud-based technologies and storage, preferably with a verified third-party vendor with experience in HIPAA security.
- Check logging and monitoring records of your networks often.
- Don’t open emails from unknown sources, and if you suspect phishing or any other kind of social engineering, alert your IT director immediately.
- Adopt and maintain strict policies about not accessing websites from the workstations on the practice management/electronic records platform. If necessary, have a separate laptop or desktop computer that is not connected to the office’s network for “personal” use or business use for accessing vendors, searching for ICD-10 codes, or other services. “Walling off” your key business software from other internet uses is a smart practice.