
Routine Practices Make a Difference in Protecting Data Security

With clinical care remaining the highest priority in behavioral health provider organizations, many providers struggle to give enough attention to critical administrative tasks such as protecting patient data. Some staff might see cybersecurity as someone else’s concern, while leadership might consider it too expensive to enlist the necessary expertise.

 

Given the effect that an unauthorized release of sensitive information can have on the lives of patients and families, organizations must take meaningful steps to safeguard patient privacy. Following up on our last blog, we offer additional guidance from Matthew Prete, Sigmund Software’s chief product and information officer, on routine but crucial steps that behavioral health organizations can take to strengthen data security.

 

Prete recommends that organizations implement multi-factor authentication (MFA), requiring an extra level of security to access sensitive data. He calls MFA one of the strongest protections organizations can require, saying individuals should become accustomed to the practice for both their work and personal business.

 

Instituting MFA can protect an organization from unauthorized access to accounts, even in instances where a password has been stolen.

 

Prete also recommends that staff refrain from reusing the same passwords time and again. If an organization’s website is compromised, cybercriminals will seek to use the same password on different accounts, exacerbating the impact of a crisis. Staff should avoid any practices that result in a dangerous overlapping of work and home accounts.

 

It is also extremely important for provider organizations to ensure regular backups of data. Backups may sound like more of a utility function to organizations, but Prete says they are an essential component of cybersecurity.

 

Backups to an offline location become critical to getting back online if bad actors infiltrate your systems, Prete says. Data backups can minimize the impact of a cyberattack and maintain the continuity of an organization’s operations.

 

Organizations can and should take routine steps such as these to mitigate the risk of unauthorized disclosures and to protect patient privacy. This will safeguard what is arguably your most precious commodity: your patients’ trust.