If 2014 taught small-business owners in the health care field anything, it's that cybersecurity is of the utmost importance. Last year saw an increase in cyberattacks across the board against small- to large-sized businesses in every industry. Most recently, insurance company Anthem suffered a security breach, which caused 80 million patient records to be released to the public. Such an incident at a large organization should signal to small businesses that it's time to take cyber protection seriously.
Reuters recently reported that security experts have warned this year could be the "year of the health care hack." However, there's much that small health care businesses can do to protect their practices and patient data.
Basic electronic protection begins with encryption. All private patient information stored within the small business's servers or in the cloud should be fully encrypted, creating a barrier between patient data and malicious third parties. While this is a crucial step, it's not enough, according to Modern Healthcare.
Small businesses should train all staff to use strong passwords, those with a mix of upper and lower case letters and numbers over eight characters long, and follow all information security protocols, which may include ensuring all private information is stored properly where it will be protected by encryption. A strong cybersecurity plan can fall to pieces if it isn't adhered to by all members of the business.
CEO of cybersecurity research firm Securosis Rich Mogull suggested businesses elect a chief security officer. For small businesses, this will likely be the owner, but for medium- to large-size health care organizations, it may be best to hire someone with experience in information security and the Health Insurance Portability and Accountability Act. This person will be a decision-maker for the business, ensuring it's proactive about protection.
In addition to protecting all patient data as much as possible, small health care businesses should ensure they have the proper insurance to cover any claims against them caused by a data breach.