I have a firewall and anti-virus software, so why do I need your services?

Part of being secure and HIPAA compliant is ensuring that you make every effort to secure and protect your client or patient data. The industry standard for network security and data protection is vulnerability scanning and penetration testing. If your firewall, network and operating systems are not configured properly or not updated, your system is very vulnerable.

In the event of a data breach, your network will be closely examined to see if you had vulnerabilities that should have been removed. If you and your IT company are found to be negligent, you could face massive penalties from your state and/or the Health and Human Services Office for Civil Rights.

Black Talon Security specializes in network security and HIPAA compliance and that's all we do.  We have found that most IT companies are good at setting up networks, but have limited knowledge when it comes to robust network security.  You really need to have a 3rd party, such as Black Talon Security, validate and manage your security.

What will happen if I have a data breach?

Most practices and businesses spend a lot of money on advertising, PR and managing relationships.  But have you thought about the ramifications of a data breach or ransomware?  All the money you have invested in yourself, your practice/business and staff could be jeopardized.  In the event of a data breach you will have to deal with these ramifications:

Federal law and most state laws require you to notify every single patient or client that their records and identity were stolen

The social media backlash will be severe

Mainstream media will make your practice a target

The financial cost of identity monitoring and legal fees could easily put you out of business.

Federal and state law enforcement may open investigations

You will face lawsuits from your patients

Your referrals will stop sending patients or clients to you because of the negative PR in your community

Your data may be published to the Dark Web or publicly, putting you in a very compromising position.

 

Imagine if an unauthorized person is able to see your patient's health record.  It has happened and will continue to do so!

I am using cloud-based practice management software. Do I need your services?

Even though you may be running a cloud service, which handles the database security, you still have risk. A hacker can compromise your network through malware delivered via websites or, more likely, email, using a phishing scam to get your user name and password or installing a key-logging script that captures your login credentials. With this information, the hacker could log into your software as if he/she was in your office. Most cloud-based systems are vulnerable to ransomware attacks.

Most practices that use cloud practice management software still have data stored locally, such as images and email attachments. This data contains personal health information (PHI) and needs to be safeguarded as well.

What is ransomware and what is the impact on my practice if I fall victim?

Ransomware is a debilitating attack on your infrastructure that encrypts your computers and server and leaves you completely helpless and hostage unless you are willing to pay a significant amount of money to have the attacker decrypt your files. Most law enforcement agencies will tell you not to pay since there are no guarantees your files will be released. If this occurs, your entire network infrastructure will need to be restored. If you don't have a good backup, you may experience significant data loss, which is a security incident under the HIPAA Security Rule.

The process of restoring your network is expensive and very time-consuming. It is the same process as starting from scratch. Applications have to be installed and configured. Network security, settings, accounts and data have to be restored. Even with a good offsite backup, it may take days just to get your data back. With practices relying heavily on EMR/EHR systems and digital radiography, your patient files are usually significant in size and won't download in a short amount of time. For the average-sized practice, this is a multi-day process. How much will this cost you financially? How will your patients and referrals feel when you have to cancel consultations and procedures?

Do I still need an IT company to support my network?

Absolutely. The relationship we have with your IT company is mutually beneficial.  After performing all of our security testing on your network, we will work with your IT company to mitigate any risks.  Your IT company will be the one making the necessary software changes based on our recommendations.

If I have Macs, do I still need cybersecurity?

You absolutely do. More Mac exploits are being developed by hackers than ever before. In addition, many practices that have Macs often have acquisition PCs that drive their digital imaging systems, and these PCs often run Microsoft Windows. Are you using any IoT (Internet of Things) devices such as smart TVs, digital picture frames, digital thermostats, etc.? These devices are often highly susceptible to cyberattacks, and hackers often use them as a way to launch attacks against the rest of your network.

Regardless of the platform you use (Windows or Mac), you must conduct a risk assessment and risk analysis against these devices to understand your security posture.

© 2019 Black Talon Security, LLC.  All rights reserved. 