It doesn’t take much for cybercriminals to gain access to a network. A click of a link in an email. The opening of an attachment. A visit to a compromised website. The use of outdated software. A lack of proper security software. The list goes on.
Once cybercriminals breach your network, immense damage can occur. At a minimum, you may need to go partially or entirely offline. In a worse scenario, they may steal sensitive financial and/or clinical data.
Recovering from a breach can be a slow process, and an expensive one at that. Expenses can add up quickly when you take into consideration the cost of:
- investigation,
- remediation,
- patient notification (and coverage for potential identity theft and credit monitoring),
- legal fees,
- regulatory fines, and
- business interruption and associated loss.
To help keep your surgery center’s network secure and cybercriminals at bay, consider performing regular information technology (IT) audits. These audits, which examine your IT systems and software, can help identify security weaknesses.
Here is a checklist of some critical IT security-related questions to answer. Speak with your internal IT director and/or outsourced IT vendor to ensure each audit area is addressed.
Network Security Protection
- Do we use anti-spyware software?
- Do we use anti-malware/malware detection software?
- Does our security software filter malicious code from websites?
- Does our security software process emails through anti-spam and anti-virus filtering?
- Do all servers and workstations have the proper security software installed?
- Is security software current/updated?
- Do we have processes to keep security software current/updated?
Firewall
- Do we have a firewall installed?
- Is our firewall configured securely? (Note: If the firewall is using factory default settings, it is likely not secure.)
- Is the firewall functioning as designed?
Network Access
- Is all remote access to the network authenticated and encrypted?
- Do we use physical security controls to prevent unauthorized access to computer networks and data?
- Do we have access controls in place with role-based assignments?
Internet Access
- Do we have internet access restrictions in place?
- Do such restrictions block potentially harmful websites?
Wi-Fi Access
- Is Wi-Fi configured to prevent unauthorized server access?
- Is Wi-Fi configured to provide public internet access without server access (i.e., a separate guest network)?
Software Updates and Patches
- Do we have a process for receiving notices of available security patches and upgrades?
- Do we have a process for installing and testing critical security patches?
- Do we have a process for identifying software that stops receiving support?
- Do we have a process for effectively replacing software, if necessary?
Security Assessment/Testing
- Do we have a process for performing regular testing of our cybersecurity measures?
- Do we have a process for performing an annual, full system security assessment?
- Do we have a process for effectively responding to security incidents (e.g., hacking, viruses, and denial-of-service attacks)?
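Several of the checklist questions above (anti-malware present and current, critical patches installed, unsupported software identified) can be answered from an asset inventory rather than by asking around. The following is an added example, not code from the article or its author: it runs those checks over a small constructed inventory. The host names, product names, versions, end-of-support dates and the seven-day definition-age limit are all hypothetical values chosen for the illustration.

```python
"""Added example: turn checklist questions into checks over an asset inventory.
Hosts, products, versions and end-of-support dates below are constructed."""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Tuple


@dataclass
class Host:
    name: str
    role: str                                  # e.g. "server" or "workstation"
    antimalware: Optional[str]                 # product name, or None if absent
    definitions_updated: Optional[date]        # last signature update, if any
    pending_critical_patches: int              # count from the patch console
    software: Dict[str, str] = field(default_factory=dict)  # name -> version


# Constructed sample inventory for a small center (hypothetical hosts).
TODAY = date(2024, 3, 1)
INVENTORY = [
    Host("ehr-srv-01", "server", "VendorAV", date(2024, 2, 29), 0,
         {"EHR Server": "9.2"}),
    Host("front-desk-02", "workstation", "VendorAV", date(2024, 2, 10), 3,
         {"Office Suite": "2019", "Legacy Imaging Viewer": "4.1"}),
    Host("or-display-03", "workstation", None, None, 1,
         {"Legacy Imaging Viewer": "4.1"}),
]

# Constructed end-of-support dates for hypothetical products.
END_OF_SUPPORT = {
    "Legacy Imaging Viewer": date(2023, 12, 31),
    "Office Suite": date(2025, 10, 14),
}

MAX_DEFINITION_AGE_DAYS = 7  # local policy assumption, not from the article

Finding = Tuple[str, str, str]  # (host, checklist area, message)


def audit(hosts: List[Host], today: date = TODAY,
          max_definition_age: int = MAX_DEFINITION_AGE_DAYS) -> List[Finding]:
    """Return one finding per gap against the checklist areas."""
    findings: List[Finding] = []
    for h in hosts:
        # Network Security Protection: is security software installed and current?
        if h.antimalware is None:
            findings.append((h.name, "Network Security Protection",
                             "no anti-malware software installed"))
        elif (h.definitions_updated is None
              or (today - h.definitions_updated).days > max_definition_age):
            findings.append((h.name, "Network Security Protection",
                             "anti-malware definitions out of date"))
        # Software Updates and Patches: are critical patches outstanding?
        if h.pending_critical_patches > 0:
            findings.append((h.name, "Software Updates and Patches",
                             f"{h.pending_critical_patches} critical patch(es) not installed"))
        # Software Updates and Patches: is unsupported software still in use?
        for product in h.software:
            eol = END_OF_SUPPORT.get(product)
            if eol is not None and eol <= today:
                findings.append((h.name, "Software Updates and Patches",
                                 f"{product} reached end of support on {eol.isoformat()}"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per checklist area for the audit report."""
    counts: Dict[str, int] = {}
    for _, area, _ in findings:
        counts[area] = counts.get(area, 0) + 1
    return counts


if __name__ == "__main__":
    results = audit(INVENTORY)
    for host, area, message in results:
        print(f"[{area}] {host}: {message}")
    print(summarize(results))
```

In practice the inventory would be exported from the endpoint-protection and patch-management consoles rather than typed in, and the end-of-support table maintained by whoever owns the software-replacement process; the checks themselves stay the same, and the per-area summary maps directly onto the audit sections above.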
Be Diligent
Cybercriminals are lurking, waiting for an individual or organization to make a mistake. While you can’t keep cybercriminals from targeting your ASC, you can make your center a less appealing mark. Ensure network security is a priority. This will put you in a better position to avoid breaches, catch potential weaknesses early, and make cybercriminals look elsewhere for their next victim.
Diane Lampron – Director of Operations