HIPAA Compliance Series - Part 3 - Network and Communications Security

Now that your employees know how important security is and you have proper disaster recovery solutions or backup solutions in place we are going to take a look at the next steps towards HIPAA compliance. Security on computers has long been thought of as simply having a "good" antivirus on your computer. The truth of the matter is that while you can purchase really good antivirus products specifically designed for enterprise environments, there are other precautions that should be made to properly care for the security of your network. We are going to work from the outside of your network in and discuss the precautions that should be in place to properly secure your network.

At the very perimeter of your network is going to be your Internet Service Providers (ISP) modem. This device can have its internal firewall turned on in most cases. While some industry specific software may require the firewall be turned off on this device due to the lack of options, if the router allows, only necessary ports can be opened in this device to increase security. Regardless of whether you are able to keep the firewall software in the ISP's modem on your business should have a proper firewall in place. A good quality firewall allows for very granular control of traffic both internally and externally. You need to have the ability to log traffic and set alerts up to watch for potential issues on the network. We use Fortinet Firewalls to secure clients networks. These firewalls watch for intrusion attempts, have built in antivirus that is developed in-house at Fortinet, Web Filtering to control what type of content is accessible on your network, and much more... A proper firewall is a crucial part to the security of your network as it gives a large amount of control that is much more difficult to overcome than a network without one. After your company firewall the next point of security on your network should be a quality antivirus product. We offer an enterprise class antivirus solutions that is 100% monitored by us so that you do not have to worry about anything on your computers. Infections that are caught by our antivirus are reviewed by a senior level engineer and either removed or release depending on what the found item is. It should be said once again, simply having a good antivirus product is not enough to properly secure your network. Even the best antivirus product on the market cannot detect new infections that is why infections sometimes slip by even with an antivirus on the computer. After you have all of this in place there should be security built in to your networks group policy. Group policy allows you to completely control how users interact with the computer systems on your network and what they can do on it. A properly configured network should allow access to only what an employee needs access to and nothing more. The next step to HIPAA compliance is keeping your systems up to date. When security patches are left up to employees they often forget or neglect to install security patches. Ever notice how often there are updates for Adobe Reader an Flash? Since these updates happen so frequently users tend to start ignoring them which leaves computers open to the risks those patches block. To eliminate this we do automated patch management on all workstations to keep them as updated as possible and reduce the risk further from infections and other security risks. There are other steps that can be taken as well to improve security, one of which is monitoring for failed login attempts. a small number of failed attempts is normal but when this number exceeds a certain threshold it should be investigated to see what is causing the attempt. This can help detect attempts early to hack into a network and prevent them if the proper steps to address the issue is taken. Network security is far from a single point discussion as you can see. It is very important to explore all of your businesses potential points of failure and put precautions in place to mitigate risk and address issues before they become a data breach. For more information keep an eye out for our next post in our HIPAA compliance series! If you think your practice could use a hand improving its security contact us today! ABC Computer Solutions offers 24/7 monitored network security solutions to greatly improve security and catch attempts to beach your systems! www.ABCComputerSolutions.com

#MedicalPractice #HIPAA #MedicalITSupport #NetworkSupport #NetworkSecurity #Toledo #ToledoOhio