ASCs that have purchased and implemented a practice management system or EHR software can take additional steps to reduce cybersecurity risk, according to an HSTpathways whitepaper.
Here are the five steps:
1. Continuously review administrative user assignments and roles. A facility administrator initially determines the types of data individuals can access based on their roles within the organization, but it's crucial to keep track of user role assignments as staff members come and go. Review them quarterly.
2. Keep systems up to date. Outdated desktop operating systems, server operating systems and database management software are more vulnerable to hackers. For ASCs using cloud-hosted software, it's the vendor's responsibility to keep the systems and software updated.
3. Update your firewall. Firewall technology changes over time and hackers are constantly finding new ways to breach a network, so it's important to regularly update and maintain firewall technology and policies.
4. Ensure interfaces are functional and secure. Make a list of all the different vendors and interfaces your facility uses, then review the information being exchanged and how it's secured. Staff turnover and interface changes can create new risks.
5. Educate staff. All staff should receive continuous training on recognizing and avoiding hacking attempts. HSTpathways President and CEO Tom Hui recommends implementing a comprehensive cybersecurity education program or doing an in-service at least once each quarter to keep staff informed.
Read HSTpathways' whitepaper here.