By Don Baham, CISSP, CISA, MCSE, Kraft Technology Group
Back-to-school appointments are piling up quickly for healthcare providers, not to mention the dozens of things already on the to-do list for the summer months. There is, however, one potentially overlooked item that needs to climb quickly to the top of that list: a security audit.
What is a Security Audit?
During a security audit, a specialist will examine your technology system and give you quantitative measurements of its security. The specialist will examine multiple aspects of your security, depending on the type of service, but the audit will almost always include:
- Your payment system, including how and where customer data is transmitted,
- Your data storage,
- Your network security,
- Cloud security, if relevant,
- Physical security, and
- Password security.
In the healthcare industry, you may need to meet basic PCI compliance standards and basic HIPAA standards. During a security audit, the auditor will check to see if your business meets those basic minimum compliance standards and can work to help you better protect your business and your customers.
Why Schedule a Security Audit Now?
Perhaps you’ve put off your security audit. It can wait until later, right? Actually, it’s important to get your security audit on the schedule as soon as possible. Check out these reasons to jump in and get that taken care of.
- Back-to-school season brings an increase in patient traffic.
It’s time for sports physicals and back-to-school checkups for many pediatric patients. College students are scheduling those last appointments before they head back to college (especially those who still rely on their parents to make and pay for those appointments). Many parents are making appointments for themselves, as well, so that they can catch up on needed medical care once the kids are back in school. All that increased traffic means more business for your practice, but it also means more data to protect. A security audit before the influx can help you provide a higher level of protection for your clients and patients.
- You don’t want a security audit during a busy season or when your practice is outside its usual schedule.
The worst time to conduct a security audit is when your business is already busier than usual. You want to conduct a security audit when things are moving normally so that you have time to focus on new security measures or to learn new ways to accomplish the same tasks you’ve always performed. When you conduct a security audit during a busy season, you might not have time to implement those new measures immediately — and by the time you do, it may be too late.
Instead, get a head start by scheduling your security audit before the back-to-school rush begins. Now is the time to implement potential changes, whether that means scheduling a few much-needed updates, talking with your employees about maintaining physical security, or implementing new company-wide password goals, including multi-factor authentication.
- FSA windows are closing.
In addition to the beginning of the back-to-school season, this is also a time when flex spending account windows are closing. Many people are scrambling to use the money they’ve set aside in those accounts before the window closes — and that means an additional increase in traffic through many healthcare-related businesses. If you deal with patients on a regular basis, it’s critical that you update your security before that increase in traffic begins.
- You want to show your patients that security is a priority for your business.
Cybersecurity has become increasingly important for most customers. As many as 60 percent of small businesses are hacked each year, and your patients know it. Unfortunately, customers often face serious consequences when the businesses they choose to trust suffer a cyberattack. They may suffer loss of private data, including financial information or health information, in a breach. With more people becoming aware of the need for cybersecurity, it’s increasingly important that you, as a medical practice, display how highly you prioritize those security efforts. Taking care of your security audit may even help attract more patients to your small practice.
- You want to keep your practice moving smoothly.
During this busy time, hackers may choose to take advantage of you … especially if you’re a small practice, or they suspect that you may have left glaring security holes available. You don’t want your practice to be a target. Sixty percent of small businesses close within six months of being hacked, often due to a combination of decreased customer trust and increased expenses due to the breach. Your practice is no exception to that rule and, in fact, may suffer higher fines and penalties for lost patient data. You’ve just seen a high season in your practice, with plenty of patients coming through, and the last thing you want is to sabotage that by getting hacked — so make sure your security is in place before that busy season begins.
- You may need time to source solutions (or pay for them).
In many cases, your security audit will reveal gaping holes in your security. Your security company will likely provide you with potential solutions, but you need time to decide what solutions will work for you and what you can afford. In some cases, you may need to shift some of your budget resources to take care of those potential security problems. By putting your security audit on the schedule now, you decrease the odds that you’ll still be working on closing those holes when the rush hits.
Are you ready to schedule a security audit so that you can ensure your practice is protected before back-to-school season? Now is the time to make that audit a reality. Kraft Technology Group is happy to schedule a security audit or provide information about the services offered to help protect both your practice and your patients.
Don Baham, CISSP, CISA, MCSE, is president of Kraft Technology Group, an affiliate of KraftCPAs in Nashville. For details about KTG’s full line of services, visit www.kraftgrp.com.