Tips to boost email security in healthcare

All healthcare practices deal with sensitive information and almost all use email across multiple devices. But with new cyber security laws now in full force in Australia, it’s time health looked at taking one of the industry’s biggest security vulnerabilities more seriously.

The new the Federal Government’s new Notifiable Data Breaches scheme now in full force, which means Australian health service providers can no longer withhold information about cyber security breaches.

Under the new NDB scheme, entities have data breach notification obligations when a data breach is likely to result in serious harm to any individuals whose personal information is involved in the breach. The scheme applies to all kinds of personal and sensitive information. Examples include names, addresses, email addresses, genders, family members, financial information, tax file numbers and medical history.

It’s for this reason that security breaches around emails are of increasing concern, as email accounts can be relatively easily compromised, and could potentially identify patients. If data is compromised, it can leave patients open to identity theft, fraud and other malicious activities.

But there is increasing concern that not enough is being done by the healthcare industry to toughen email security. A HIMSS Analytics study in December last year commissioned by Mimecast found that US healthcare providers overwhelmingly rank email as the number one source of a potential data breach. Compounding the concern is that 77 per cent of those surveyed use email to send private healthcare information. Meanwhile a similar report by the Global Cyber Alliance (GCA) recently revealed the majority of the largest US public hospitals are not utilising enough protections on healthcare email security.

To protect your healthcare practice and your patients, review your IT security and ensure you have robust software and procedures in place to protect your computers. Here are some tips for healthcare practices to protect their computers.

1. Install anti-virus protection: and update it regularly
2. Protect sensitive data: using cloud-based solutions with robust secure storage and backup systems
3. Educate: your staff and practice on data security and preventing security breaches, including rolling out policies and procedures. Training yourself and your staff to identify unsafe emails and avoid unsafe downloads is good practice.
4. Manage your passwords: Change them regularly and avoid common passwords that hackers can easily guess. Add two-factor authentication where possible.
5. Update software and systems regularly: Whether you are using a desktop or mobile device. Ensure your firewall structure is robust and activated.
6. Invest in IT infrastructure: The right IT professionals can help set up a robust, secure network for you and your staff.
7. Use common sense: Read emails carefully and twice before taking action. Think twice before clicking on potentially malicious links in unsafe emails or downloading free software from websites, which are common ways for viruses, malware, Trojans or bloatware to infect your computer.
8. Careful what you plugin to your computer: Avoid plugging in personal devices, portable hard drives or flash thumb drives that might harbor viruses.