IT Resolutions
The start of a new year is a great time to set new cybersecurity goals and update your practice’s systems. Here are 4 cybersecurity resolutions for 2022.
Editors note: This story was originally published in our sister publication, Dental Products Report®
As we move into 2022, many of us like to create resolutions for the new year—things that we want or hope to accomplish. Perhaps you want to lose a few pounds, exercise more, travel somewhere special, or achieve any of thousands of other goals. One area where many of you may not have resolutions, though, is your information technology (IT) systems. For many practices, IT is in a holding pattern; nothing really changes. For numerous reasons, this is not something I recommend. Rather than having to come up with IT resolutions on your own, I have created a few that you will hopefully consider for the coming year.
1. Get a better handle on your cybersecurity.
Ransomware is a big threat to clinics. Within literally seconds, you can lose access to everything you spent decades building. You need to have a plan in place to protect your practice from ransomware. Typically, this would include a business-class firewall, anti-ransomware software, and a new technique I discussed a few issues ago called application whitelisting.
2. Strive for more regulatory compliance.
This resolution is regarding the Health Insurance Portability and Accountability Act (HIPAA). Notice I did not say become 100% compliant because this is impossible for any health organization; there are over 700 pages of rules and regulations. But that does not mean you cannot work toward better compliance. Did you know that a ransomware infection is considered a breach and must be reported as such? Follow my suggestions in the first resolution above. Make sure all your software—Windows, Office, Adobe, and others—is updated with the latest security patches. Encrypt everything you can, like your server, emails, and any other locations where electronic protected health information is stored. For most clinics, this means working with an IT provider fluent in HIPAA; this is too critical to trust to someone who does not specialize in health care.
3. Make sure you have a great backup and do a test restore.
How? Easy: Turn off your server and see how long it takes to get up and running with all your data intact. For many practices, the issue is not that you have a backup; it is how long it takes to recover from your server being down. A properly designed backup should allow you to restore your server within an hour or 2, tops. The unfortunate reality for many clinics is that their downtime is measured in days, not hours. Resolve to reevaluate your backup to ensure that you can recover quickly from your server going down and that you do not lose any critical patient data.
4. Do an annual risk assessment and update your HIPAA management plan (it is the law).
This is no different than veterinary medicine: You can’t treatment plan until you diagnose first. How do you know where you are falling short of HIPAA guidelines when you do not even look? A proper risk assessment is not a quick online survey; it normally takes 5 to 8 hours to do one. If you do not know where to start, search for and download the National Institute of Standards and Technology document 800-30; it will help you with doing an assessment. Or, as I mentioned above, find a good IT provider who does these and can work with you to not only identify the risks but help you to mitigate them.
Clinics are busy and critical IT risks are often left unresolved. This is the perfect time of year to rededicate yourself to doing everything within reason to protect and secure your practice.
