The well-publicized efforts of hackers stealing customer data from Target and Neiman Marcus during the holidays were a wake-up call for any organization that is legally bound by HIPAA and PCI regulations. Cyber theft is a daily risk, and there’s a real reason to be paranoid. Unauthorized individuals scan networks routinely in a malicious attempt to expose security vulnerabilities. If your business is victimized and a security breach occurs, your patients’ medical identity and/or sensitive health information may be exposed to online theft. Recovering from the ensuing disaster may prove difficult from a legal and financial perspective, not to mention the risk of losing patient trust and suffering a damaged reputation.
To prevent the security breaches that lead to cyber theft, plan to thoroughly scan your firewalls, networks and open ports for weaknesses. Do this on a regular basis (and after any major alterations or upgrades to your network), just as a conscientious homeowner checks all the house doors and windows nightly before bedtime. Run both internal and external network vulnerability scans, because the vulnerabilities discovered from within typically differ from those discovered from outside. Score the vulnerabilities on a scale from mild to highly critical, and then address them in order of priority. If you need help, ask your hosting provider.
As a HIPAA- and PCI-compliant hosting provider, we always make achieving the highest level of security and compliance our No. 1 priority. While vulnerability assessment scans are not an explicit requirement of HIPAA regulations, vulnerability scans and quarterly reports are required for PCI certification. As a security best practice, we highly recommend monthly vulnerability scans to our HIPAA- and PCI-regulated hosting clients. We’re typically able to help them with this. We also help them with log monitoring and review, file integrity management, 2-factor authentication, antivirus and patch management.
Vigilance in detecting new vulnerabilities that may have inadvertently been opened in your system could one day save your company from learning a very expensive lesson in security management.