Blog

Dresner Group Blog

Our technology blogs feature IT tips and best practices for businesses in Columbia, Baltimore, and Bel Air.

Are You Taking HIPAA Seriously?

Are You Taking HIPAA Seriously?

Due to the actions of a vendor, AmediCanna, a cannabis dispensary in Halethorpe, Maryland, suffered a potential data breach. While at first blush it seems to be a joke that can write itself, the reality is this breach is no laughing matter. For businesses that handle confidential medical records, a HIPAA-related breach can have serious financial consequences.

HIPAA Compliance

One alarm we have been ringing at Dresner is about the importance of data security. Specifically, that businesses evaluate their practices in how they manage and protect their customer’s data. This responsibility is particularly weighted in regards to HIPAA compliance. Many Maryland businesses fail to recognize that even though they are not hospitals or other ‘traditional’ medical institutions, if they handle patient information, they must be HIPAA compliant.

HIPAA Compliance and Windows 7

Before we continue, let’s take a moment to discuss Windows 7. Now that Windows 7 has reached the end of its life, the software is essentially no longer supported. If your business is still using Windows 7, you are unable to be HIPAA compliant. HIPAA regulations require that software involved with patient data must be updatable to address new cyber threats. Using any computers operating Windows 7 in conjunction with your patient data (even if the computer is just a print-server on the same network) renders your business non-compliant with HIPAA. If you still have computers running Windows 7, contact Dresner Group today to develop a plan to bring your business back into HIPAA compliance.

HIPAA is for More Than Hospitals

Cyber attackers are constantly searching for opportunities to compromise data, and medical records are some of the most desired. Hackers exploit security gaps left by businesses who don’t realize the value of the data they are maintaining and don’t protect it accordingly. As Maryland’s IT support experts, we strive to share best practices with the business community, including informing them of their risk. For example, we recently discussed what businesses can learn from the dentists who suffered under the REvil malware attacks, and we pointed out that Maryland veterinarians are at risk of cyberattacks

Part of the reason why these types of businesses are targeted is because, in addition to the data they handle, there is a misunderstanding about the level of risk they face. This misunderstanding is partly due to HIPAA education efforts focusing on hospitals; and other types of businesses gain the impression they aren’t targets, even if they handle patient data.

With this false sense of security, many businesses, in particular smaller businesses, don’t realize that they are targets for hackers. This misunderstanding causes them not to beef up their security, allowing bad actors the opportunity to target them and their data. This brings us back to the THSuite data breach which affected the dispensary in Halethorpe, who--by all available information--simply failed to follow best practices for securing their data.

What makes this breach so disconcerting is that it wasn’t due to a brute force attack from a master cybercriminal. As in recent data breaches, the cause was due to not following best practices for cybersecurity. In this instance, at least 30,000 medical records were left unsecured and unencrypted; stored via Amazon’s Simple Storage Service (Amazon S3) and was accessible via a web browser.

For businesses in Maryland, your responsibility to protect client data is taken very seriously. If your business must be HIPAA compliant, the penalties of a breach of this magnitude can result in fines of up to $50,000 for each exposed record and we haven’t even touched upon Maryland’s Notification Law.  Depending on the size of your business, a data breach can be enough to shut down your business.

Compromised Data is No Laughing Matter

Let’s consider the information the hackers may have stolen and how they may affect the victims. The data leak exposed:

  • Full names
  • Phone numbers
  • Email Addresses
  • Dates of Birth
  • Addresses
  • Medical Information
  • Photo IDs (including Government issued)

This data can allow hackers and scammers the ability to enact incredibly elaborate and personalized phishing attacks, such as spear phishing. Not just against the individuals whose data they have compromised, but also against the individual’s organization. The photo IDs acquired in the breach, in combination with the personal information also acquired could easily lend itself to identity theft. What’s your identity worth to you? The level of information found in this breach can have a wide range of long term consequences for the victims. 

Three Basic Steps To Protect Your Data

THSuite and other third-party organizations which had data breaches previously could have prevented the hacks if they followed a few basic security measures. These measures include:

  • Use of two-factor authentication
  • Having a clear idea of who has access to sensitive data
  • Never leaving an unsecured system accessible to the internet

As noted, these are basic measures to enact and here are some ways to do so:

As you can see, best practices for data security don’t have to be an impossible goal. In fact, they are easily attainable, but you must take data protection seriously. For more information about HIPAA or how we can strengthen your data security, call us today at 410-531-6727. We can also clarify the specifics for HIPAA compliance and present best practices for secure data transfers for your medical practice.

If you're not in a HIPAA-regulated industry, data protection is important to your business too, especially as a Maryland business. Dresner Group supports a range of industries and can provide you with the IT services you need, allowing you to serve your customers and grow your business.

×
Stay Informed

When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.

Make Sure Your Use of the Cloud is Secure
Handy IT Acronyms to Understand
Comment for this post has been locked by admin.
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Friday, 22 November 2024

Captcha Image

Client Service Login

Latest News & Events

Annual Channel Futures MSP 501 Identifies Best of the Best in the Managed Services Industry Dresner Group has been named as one of the world’s top-performing managed service providers in the prestigious 2024 Channel Futures MSP 501 rankings. The Chan...

Contact Us

Learn more about what Dresner Group can do for your business.

Copyright Dresner Group. All Rights Reserved.