By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
Having wrapped up National Cybersecurity Awareness Month, we’re taking a look at the importance of protecting your physical devices. The panic that sets in when you misplace your phone or laptop is overwhelming. But that feeling is amplified if that device contains patient information or access to it.
When we mention your physical devices, this can include a variety of hardware. The most common items are your mobile phone, laptop, notebook, tablet, and smartwatch. Removable media like flash drives are also included. These do not have to be work-issued devices to present a risk if stolen or misplaced. While your work devices would be more likely to allow illegal access to patient data, your personal ones may have emails or other links that provide cybercriminals with important information.
Smart Practices
While you can’t entirely eliminate the risk of theft or loss, these habits and practices should be in place to mitigate the dangers:
- Keep your devices locked with a strong password or passcode
- Use biometric options when available
- Enable cloud/offsite backup of data
- Use device-tracking apps
- Keep your devices secured during transport or travel
- Do not leave your devices unattended
- Sign off of programs when not in use
- Enable multi-factor authentication
Physically securing your devices as best as possible is not fail-safe when it comes to theft. If a criminal does gain possession of the hardware, an additional level of security for the data is critical. This is why behaviors like strong passwords and multi-factor authentication should be standard practices.
If Lost or Stolen
Should you find yourself in a situation of theft or loss of equipment, there are steps that you should take immediately. Always notify your IT department as soon as you are aware of the loss. Do not hesitate. The faster that you let them know, the quicker they can take action to secure the device. There are often methods in place to disable access and erase the data remotely. And if you were utilizing data backup, they can likely recover any data that was on the device. You should also notify your HIPAA Security Officer.
Be Proactive
As a healthcare business, you must conduct a Security Risk Assessment. This should include an inventory of devices as well as plans for recovery if lost or stolen. Protecting the sensitive information that you have access to is not just for the benefit of your business and patients, but also for HIPAA regulation. Even if a lost device was for personal use only, in the wrong hands it could lead to access to sensitive information.
This article was originally published on HIPAA Secure Now! and is republished here with permission.