With the advent of the internet of things, it's more important than ever to keep your health care business safe from cyberattacks. Implement these three basic steps to help you keep your information safe from prying eyes.


1. Know Your Data

Knowing what kind of data you're dealing with is the first step to securing your business from cyberattacks. Know what your data is, where it's stored and who should have access to it to keep it safe. Sensitive forms of data to keep in consideration are:

Client mailing and email lists

Client health or medical records

Employee payroll records

Employee email lists

Business and personal financial records

Marketing plans

Legal, tax and financial correspondence

Knowing what kind of data you're dealing with is the first step to securing your business from cyberattacks. Know what your data is, where it's stored and who should have access to it to keep it safe. Sensitive

Financial institutions

Other providers

Insurance companies

Government entities

Outsourced services or contractors

Even if you have few or no employees, know who has access to sensitive data. Assign rights to specific people for specific data and keep those rights as relevant as possible. The fewer people with access to information, the more secure your business will be. Keep your company data organized by recording its location, so you and your employees will know if something looks out of place.

Health care businesses are especially vulnerable to attacks because they don't just deal with client information, but also with personal health information and many forms of personally identifiable information.

2. Learn to Recognize Online Fraud

Online fraud is any fraudulent request via an online platform for personal information. This often occurs through email, social media or online messaging. These requests may look like they are initiated by a legitimate business when, in fact, they are not. Let your clients know how you will and won't ask for personal information so they can recognize fraudulent requests. Here are a few common online fraud tactics you may encounter.

Social Engineering

This tactic involves taking personal or business information posted to social networks, websites and blogs, and using that information to trick you into compromising your data. Those "Learn 30 Things About Your Friends" Facebook posts that ask you to answer silly questions and then share with friends are a perfect example of how easy it is for scammers to gain otherwise sensitive information and then use it to deceive you.


Phishing involves dangling a 'lure' to gain usernames, passwords and other personal identifiers that can be used to access confidential information. Phishing is generally conducted through email, but can take other forms like texting and social media messaging. A common phishing tactic is taking advantage of natural disasters, economic concerns and health scares to gain access to online credentials and financial accounts. Common phishing scams include emails that claim to be from prominent authorities such as the IRS, the police, or even your computer manufacturer.


Malware is usually downloaded unknowingly when you open email attachments or download items. To protect your business from malware, don't download anything from a sender you do not know, and keep firewalls and antivirus software updated on your company computers, smartphones and connected devices.

3. Review and Change Passwords Often

Your sensitive data should be protected by password-protected apps, pages and software. Review your password usage and change passwords often. Here are some methods of keeping passwords secure.

Do not use any words at all. Any passwords that consist of words, phrases, or personal information (birthdays, phone numbers) are by far the easiest to crack, and amount to handing your personal information to passers-by! Always use a password that contains a string of random numbers and characters.

Store your passwords securely. Online services such as LastPass can be great for this - they can generate secure, random passwords, and then store them for you, so there's no need to memorize them.

Change your passwords monthly.

Keeping your business safe takes a little planning, but it doesn't have to be difficult. With a little extra attention and hard work, you can keep your privacy obligations to your patients - and to yourself.

Cybersecurity: Three Basic Steps to Secure Your Business

