Make sure to secure the device before it connects.

Your healthcare organization’s internal network may be secure and HIPAA compliant, but if you’re looking to add remote patient monitoring (RPM) services or allow your employees to work remotely, you could be putting your network at risk. Step into the Cybersecurity Corner to learn some of the vulnerabilities remote connections can expose and how to protect your network from harm.

Protect Patient Data and Your Network

As helpful as RPM devices are to providers monitoring their patients’ conditions in real time and making telehealth possible, the devices also pose a security risk to a healthcare organization’s network.

“RPM relies on devices that are broadly referred to as the internet of things (IoTs). Most of these devices are not designed with security in mind. As a result, they are susceptible to vulnerabilities and malware exploitation,” says Funso Richard, CISA, CISM, CDPSE, CCSFP, information security officer, Ensemble Health Partners, in Cincinnati, Ohio.

The IoT covers almost any device that can connect wirelessly to a network and the internet. These devices include smart speakers, smartphones, smartwatches, medical sensors, and fitness trackers. IoT devices are so commonplace that users may not realize the internal components can just as easily be compromised.

“RPM devices have chips that execute as a computer. The chips that are associated with RPMs have the same vulnerability as CPU, GPU, and TPU,” says Eddie Hearns, MA, CPMA, CPC, Approved Instructor, of OLDME CPC LLC.

As a result, RPM and telehealth devices carry several risks for healthcare organizations:

If your organization is looking to employ RPM devices, security should be your main concern. “The equipment that’s used for telehealth must be compliant and state of the art. The same problems with technology and data security are escalated because now you are introducing the IoTs into the environment,” Hearns says.

Fortify Endpoints to Secure Your VPN

If you’re considering allowing your employees to work remotely from their home offices, then they’ll need to be able to access important information to cross items off their to-do list. “As more users work remotely and need to connect to the internal network and systems, virtual private networks (VPNs) make this possible by providing secure connectivity,” Richard says.

VPNs are incredibly important for establishing a secure external connection from an employee’s device to a healthcare organization’s internal network and data. However, like many technologies, VPNs have their own vulnerabilities, which include:

Create Complex Passwords to Safeguard Your Resources

Passwords are an essential piece of the puzzle in keeping protected health information (PHI) and user accounts safe from unauthorized access and disclosure. However, too many users are unaware of, or negligent about, proper password policies. In fact, “80 percent of data breaches in 2021 occurred because of weak or reused passwords,” Richard says.

“The stronger a password is, the better protection it affords,” he adds. A user’s password should be complex and lengthy, which makes it harder for a hacker to figure it out. Tips for creating a secure password include:

Add more pieces to the puzzle: A strong password is an excellent step in protecting your healthcare organization’s data, but multifactor authentication (MFA) adds greater security. Used together with the user’s password, MFA adds extra layers of protection to the sign-in process, so the user can be securely granted access to internal resources. Depending on the MFA application, the user may need to supply a password or personal identification number (PIN), a badge or smartphone, or biometric verification (fingerprint). For example, your IT team could configure VPN connectors to request MFA before establishing a connection with internal systems. This will help ensure the correct device is making the connection while also securing the endpoint connection.

Get Everyone on the Same Page

Even if your IT team has secured RPM devices before they go home with patients, secured laptops and VPNs before your employees start their shift at home, and established a solid password policy with MFA in place, your staff should remain vigilant to protect the healthcare organization’s internal network and data.

“The toolkit of the hackers is fairly sophisticated and constantly changing,” Hearns says. He adds that the ideal strategy for any organization is to establish a strong business continuity plan. In addition to regular backups, strong network security, and cybersecurity policies and procedures for staff to follow, a business continuity plan should include plenty of training to ensure everyone in the organization is aware of a hacker’s tricks.