

The IT challenges an industry faces will vary. Scammers have known for quite some time that health information is mission critical. Cybercriminals are changing health records, and they are also cloning them and selling them on the black market. These records are profitable because others can use the medical benefits for themselves, for example by forging a digital clone, a “virtual person”, based on the information in the record.


Health records and billing credentials are important. If breached, what penalties will your organization face?

Sources from The Compliance Group indicate HIPAA penalties and negative PR lead to:

  • 67% loss of trust and negative publicity
  • 33% financial penalties

The biggest concerns of HIPAA compliance include:

  • 35% providing documentation
  • 25% tracking of training and documentation
  • 32% Security Risk Assessment

Let’s get down to the fine details. According to ESET, lack of collaboration is seen as a top challenge.

  • 52% are concerned with legacy systems
  • 51% are concerned with new technology
  • 50% have no incident response plan

The problem of insufficient IT security for health records can be attributed to the following:

  • Old machines
  • New machines
  • Lack of planning
  • No risk assessment & remediation
  • Planning for incidents
  • User education, training, and tracking (best practices)
  • Compliance

Just the thought of an employee downloading malicious software can keep you up at night.

Weak Passwords

Most notable are organizations with poor password practice. It’s common to see passwords that are easily guessed and default passwords that haven’t been changed.

We can’t stress enough that passwords must contain a mix of symbols, be case sensitive, and be of sufficient length. If allowed, we recommend two-factor authentication, also known as 2FA or two-step authentication.

Mobile Devices

Mobile devices impact the workplace significantly. The demand for mobility allows us to communicate more than ever before. The modern-day employee is now more tech savvy, mobile-focused, and leaning towards the cutting edge. Employees frequently interact electronically in unsafe computing environments.


Select an appropriate security solution for accessing work-related documents and make sure those documents are protected. When discussing security, it’s important to implement layers of security. Stay in compliance with proper documentation, tracking of training and documentation, and, lastly, a security risk assessment.

The biggest asset for any organization is its data, and encryption is the first step towards protecting it, including encrypting backups. Routine backup checks also verify redundancy.


Propose company-wide training sessions, providing incentives for discussing cybersecurity best practices in the workplace.

Security standards for data are the most important to the business, followed by your employees, who are also one of the largest assets in an enterprise environment. Unsatisfied workers equate to poor performance. Train and inform employees and provide them with resources to reduce risk. If your organization is experiencing these problems, call us now for a risk assessment.