If you’re a small-to-medium sized business, or in any type of health care field, you’re at the greatest risk to have your data held for ransom.
By Susan Sheppard
In 2016, the total ransom paid by small businesses to hackers globally is reputed to be more than $700 million.
That’s not the worst of it. The real cost of ransomware was in downtime to the business – a whopping $191 billion in 2016 alone.
If until now, you haven’t been worried-You’re not alone. According to recent reports, 60% of businesses are not highly concerned about ransomware.
“Ransomware has plagued all industries but its impact has been most acute in healthcare and small to medium sized businesses,” said Dan Marcellus, president and chief executive officer, SkyPort IT, the Rochester, NY-based managed data security services provider. “Losing patient data could affect the health of people that look to you for safety; losing customer data could put you out of business.”
The good news is that there are managed data security service providers that can show you how to prevent cyber-attacks, limit your exposure and tighten the lock on every door in to your computer network.
SkyPort IT specializes in managed data security services for businesses requiring Health Insurance Portability and Accountability Act (HIPAA) compliance and high levels of data security. SkyPort provides a multi-level, multi-layer approach using best practices and best-in-class technology to proactively design, deploy and protect infrastructure and data.
“Every industry that is regulated by the (HIPAA), is required to have HIPAA credentials for everyone who touches an electronic patient record,” explained Marcellus.
The HIPAA requires physicians and other healthcare providers who conduct electronic transactions to adopt certain security measures to safeguard protected health information (PHI) in electronic form.
“What many businesses don’t realize is that the HIPAA rules apply to both covered entities and business associates. A covered entity is a health plan, healthcare clearinghouse or health care provider who electronically transmits any health information,” explains Marcellus.
HIPAA rules also apply to business associates, which is a person or entity that performs certain functions or activities that involve the use or disclosure of protected health information on behalf of, or provides services to, a covered entity.
Examples of covered entities are:
• Ambulatory and Surgical Centers (ASC)
• Doctors and Dentists
There are many businesses that work with patient records and data where it may not be immediately apparent that they too need HIPAA compliance certification. For example, vendors who are tasked to distribute ASC surveys, will need to follow the same guidelines as the ASCs.
Tom Faith, president, New York State Association of Ambulatory Surgery Centers, explains that, “Patient information/data must be encrypted and transferred to the survey vendor using a secure method. Vendors and all subcontractors must have and implement systems and security policies that protect the security of personally identifiable information (PII) as defined by HIPAA, or they cannot participate.”
Examples of business associates (whose services involve access to PHI) are:
• Managed security service providers
• Certified Public Accountants
• Law firms and legal entities
• Billing and coding services
• Medical transport services
Having an understanding of HIPAA compliance is just one area where a vendor that specializes in information technology, safety and security issues can be invaluable to businesses, especially small to medium size businesses (SMBs) who often are relying on a “computer savvy” staff member to handle their IT support and not an IT expert.
Worldwide healthcare organizations are expecting to increase their information security workforce by 20% or more, however more than 66% do not have the staff necessary to address cybersecurity threats, indicating that the shortage of information security workers is widening, as more sectors recognize the importance of deploying a skilled cyber workforce to protect their data.
“Analysts such as Frost and Sullivan point out that there are varying levels of readiness among healthcare organizations to combat the threats of ransomware, the biggest cybersecurity threat for healthcare,” said Marcellus.
“If a business cannot afford a complete IT staff for 24/7 cyber security monitoring, they should be leveraging a managed security services provider (MSSP) like SkyPort IT, that has the expertise, qualifications, time and resources to anticipate and protect a company from the latest security threat.”
Multiple Levels. Multiple Layers.
Marcellus points out that businesses should leverage multiple solutions to prepare for the worst. Today’s standard security solutions are no match for today’s ransomware, which can penetrate organizations in multiple ways. Reducing the risk of infections requires a multilayered approach rather than a single product.
SkyPort IT offers:
• Phishing Testing and Training
• Infrastructure Security Status Reports
• Data Fortification Plans
• Risk Assessments
For a Complimentary Risk Assessment and Free Guide to Finding the Ultimate IT Business Partner, visit: www.skyport-it.com/rbj today.
Susan Sheppard is the Director of Marketing and Communications at SkyPort IT.