If you’re a healthcare services provider who utilizes mobile devices in daily operations, you need to ensure the patient data stored and handled by those devices are safe and private. Let's take a look at mobile data security and some of the ways you can keep your sensitive patient information secure.

Why does data security matter so much to healthcare providers?

As a healthcare provider, you’re subject to regulations by the Health Insurance Portability and Accountability Act (HIPAA), which governs how medical data is stored, accessed, and transferred. HIPAA’s objective is to protect patient privacy.

Under this regulation, you’re required to take security measures to ensure your patient data -- including those handled by mobile devices -- are private and secure. If your practice suffers a data breach or fails to comply with HIPAA regulation, you will be subject to heavy fines ranging from $50,000 to $1.5 million.

Some tips to help you stay compliant

It's important to make sure your IT policies and practices adhere to HIPAA standards, and the following is what you have to do:

Risk assessment:

This is required under the HIPAA Security Rule. You must regularly audit your entire IT infrastructure, including the equipment and systems that store, transmit, or handle electronic Protected Health Information (ePHI) as well as your company policies.

Data encryption:

Even though encryption for data “at rest” isn’t required by HIPAA (only data “in motion” is governed), encryption is one of the best ways to ensure data privacy and security. It’s crucial to protect your patient data on all mobile devices with end-to-end encryptions.

Anti-virus software:

All mobile devices need to have the latest versions of antivirus software installed.

Information Access Controls:

It’s recommended that you allow only devices that have security controls to connect to your healthcare data network, and all devices must be scanned before making the connection. For certain data -- especially one that is highly confidential -- you can prevent it from being accessed by certain staff or being downloaded into individual devices.

It’s also a good practice to keep your employees’ personal and work data separate, so when you eventually have to delete ePHI from their devices, you can do so without wiping out your employees’ personal contacts and apps.

In case your employees’ devices are lost or stolen, you also need an app that allows you to remotely delete data stored on mobile devices.

No to SMS:

Never pass ePHI and other critical information via Short Message Services (SMS) since SMS networks are not secure. If you need to send short messages, use secure text messaging apps instead.

Employees:

You need to enforce a secure password policy within your workplace, which compels your employees to create and maintain strong passwords. As for applications, since many apps may contain malware or security flaws, you also need to control which apps your employees can download.

What’s more, public Wi-Fi networks are highly insecure, which means your employees need to be aware that accessing data via these networks are not safe and, if unavoidable, they must use VPN when accessing the data, and use secure text messaging apps to communicate via public networks to avoid communications being intercepted.

It’s also recommended to have regular security awareness training seminars and build a strong, security-focused culture. When an employee resigns, you have to delete ePHI from their devices and terminate their access rights to data immediately.

Healthcare IT security is complex and the stakes of non-compliance are high. This is why it's important to partner with an experienced IT provider who can help protect your data and ensure your practice is compliant with HIPAA standards. Contact us today!

The post Healthcare providers and mobile devices appeared first on Complete Technology Resources, Inc..

A fundamental flaw with WiFi networks has recently been discovered by two security researchers. According to their reports, the KRACK vulnerability renders advanced encryption protocols useless and affects nearly every wireless device. Read on to find out more about KRACK hacks and how you can defend against them.

What is KRACK?
Simply put, KRACK, short for ‘key reinstallation attack,’ allows hackers to bypass WPA2 -- a security protocol used by routers and devices to encrypt activity -- and intercepts sensitive data passing between the mobile device and the wireless router, including login details, credit card numbers, private emails, and photos.

In extreme cases, KRACKed devices can be remotely controlled. For example, hackers can log in to your surveillance systems and shut them down.

What’s worse, Internet of Things devices -- like smart thermostats and IP cameras -- rarely receive security fixes, and even if some are available, applying patches are difficult, as these devices tend to have complex user interfaces.

The good news, however, is you can do several things to mitigate the risks.

Download patches immediately
According to recent reports, security patches have already been released for major platforms, including iOS, Windows, and Android. Router manufacturers such as Ubiquiti, Mikrotik, Meraki, and FortiNet have also issued firmware updates, so make sure to install them as soon as possible.

Although IoT patches are rare, consider getting your smart devices from reputable vendors that push out updates regularly. It’s also a good idea to contact a managed services provider to install the updates for you.

Use Ethernet connections
Some wireless routers don’t yet have a security patch, so while you’re waiting, use an Ethernet cable and disable your router’s wireless setting. Turn off the WiFi on your devices as well to make sure you’re not connecting to networks susceptible to KRACK.

Stay off public networks
Free public WiFi networks -- even ones that are password-protected -- in your local cafe should also be avoided because they usually don’t have holistic security measures in place, making them easy targets for cybercriminals.

Connect to HTTPS websites
If you do need to connect to a public WiFi hotspot, visit websites that start with “HTTPS,” and stay away from ones that are prefaced with “HTTP.” This is because HTTPS websites encrypt all traffic between your browser and the website, regardless of whether the connection is vulnerable to KRACK

Hop on a Virtual Private Network (VPN)
You can also use a VPN service to hide all network activity. Simply put, VPNs encrypt your internet connection so that all the data you’re transmitting is safe from prying eyes.

Although the potential impact of a KRACK hack is devastating, security awareness and top-notch support are the best ways to stay safe online. Want more security tips? Contact us today.

The post Watch out for the huge KRACK in WiFi security! appeared first on Complete Technology Resources, Inc..