Home Article Be a ‘big fish’ when it comes to security protocols

Be a ‘big fish’ when it comes to security protocols

Be a ‘big fish’ when it comes to security protocols

Providers

Theresa Flaherty Head Shot

By Theresa Flaherty, Managing Editor

Updated 9:41 AM CST, Fri December 16, 2022

Jesse FarrisWATERLOO, Iowa – Now, more than ever, it’s important for HME providers – no matter how small – to pay close attention to cybersecurity to protect themselves and their patients, says Jesse Farris, IT director for VGM Forbin. 

A breach can happen to anyone at any time. Case in point: Wright & Filippis, a large regional provider, was recently hit with a ransomware attack. 

“Health care data is the most valuable data there is,” he said. “If you steal a credit card and sell it on the black market, the value of it is like $10. When it comes to health care data, you can’t change your Social Security number or birthday or what prescription drugs you are taking. That information is worth upward of $50 or $60 per person.” 

Big fish, little fish 

While many providers are curious about cybersecurity, they may be slow to implement it, says Farris. 

“They are typically of the mindset, ‘I’m a small HME, this won’t happen to me,’” he said. “What they are missing is a larger company, like VGM, has a very robust information security platform. We’re very hard to break into. The HME provider’s budget is small, but the data they have is just as valuable. Why should a bad actor go after the big fish, when you have small fish with no security? 

Trusted partners 

The most important step a provider can take to protect themselves is to find a trusted third-party company to look at their business from the outside, says Farris.  

“A big part of what we do is security and HIPAA risk assessment,” he said. “Find somebody that specializes in this and go on the journey with them to be more compliant and more secure.” 

Back it up  

Having a good backup system is a “big step” providers can take to secure their data, says Farris. Make sure it’s stored in more than one spot and it’s not accessible between the two systems. 

“If you do get hit with a ransomware attack, you might lose a day or two of work, but we can at least recover it from your backup and get your business back up and running,” he said. “Backup solutions have an upfront cost to implement, but after that, there’s not as much of a recurring cost. Just keep an eye on it.”

Comments

To comment on this post, please log in to your account or set up an account now.