17 Jul 2017

Cyber Attack Concerns For HIPAA Compliance

Cyber attack concerns continue to mount following recent news that Verizon was hacked. Cyber attacks are often thought of as something only large companies need to worry about. However, the largest companies have usually taken precautionary measures to prevent such attacks from succeeding. The most at-risk targets for novice hackers are actually small businesses, which for the most part put cyber security last on their list of concerns.

Taking a non-proactive approach to cyber attack prevention can cost a small business millions of dollars, especially since the probability of detection is slim without the proper IT infrastructure in place. Besides having all of your data held hostage or sensitive financial information stolen, the release of private client data to the public is the largest concern for medical practices and business associates of medical practices, as the ensuing penalties can be steep.

HIPAA, the governing legislation over the proper handling of patient medical records, mandates that all practices and businesses that fall under the "covered entity" or "Business Associate" of a covered entity are required to perform a routine risk analysis on their practice. A security assessment by a third-party firm is usually conducted to assess not only the IT infrastructure and its risks (open ports, wireless network analysis, server security patching, etc.), but also the practice itself and its susceptibility to social engineering.

Kaizen's Security Assessment for HIPAA Compliance comes in two specific portions: the risk analysis and the remediation. The risk analysis portion conducts a thorough scan for vulnerabilities in a practice or firm, from the IT infrastructure to the receptionists, to search for any area where sensitive data or information could leak, whether through lax IT security or through human interaction. Upon the completion of this phase, a report is generated for any and all vulnerabilities found during the analysis. If vulnerabilities are discovered, HIPAA compliance mandates that a firm or practice needs to have documentation of remedial actions taken. During the remediation phase of our analysis, KaizenTek will generate and implement procedures and training to remedy the vulnerabilities.  

Practices and companies required to be HIPAA compliant are encouraged to do these scans quarterly or, at the very least, bi-annually, as office personnel and IT infrastructure typically will have changed within that time period. Maintaining HIPAA compliance is the surest way to protect your company and office from financial damage as well as cyber attack, so drop us a line today to schedule your security assessment and have peace of mind for your future.