A recent article in HR Executive contained some important reminders for businesses in the US, which holds the title of “Worst-affected Country in the World” when it comes to data breaches. HR data and employee personal identifying information are “the sweetest prize” according to one data expert, who says that hackers employ a combination of smooth-talking and technology to access it.
Of course, those of us in healthcare have long been protective of our patients’ data and we have the HIPAA policy manuals to prove it, but some of the author’s suggestions are still worth noting.
- Build a partnership between IT and HR to reinforce cybersecurity among the workforce, because, after all, cybersecurity goes beyond patient information and encompasses protection of business structures as well.
- Conduct at least one “robust” security assessment each year. This is a HIPAA requirement, which, in fact, should be an ongoing activity, scaled to your organization. But do you know if it’s done on a regular basis and what the assessment results indicate? This brings us back to the first tip, which is to include HR in developing better learning opportunities to reach workers.
- Maintain an internal forum where employees can stay informed about marketplace trends. Similar to how we spread the word to friends about the suspicious-looking text from the bank that was really a hacking attempt, the idea is to build widespread awareness of the new scams out there.
The author goes on to encourage regular password changes – groan, hiss – among other suggestions. Suffice it to say, with so many ransomware attacks in the news these days, this is an area that may very well rise to the level of terrorism, as suggested in the article.