Malicious code, websites, and data breaches

HIPAA Hacker Malicious


When we conduct HIPAA training most employees are discouraged when we tell them not to surf the web on work computers. There is a very good reason for this… malicious code can be found on websites that have not been updated and maintained properly. Websites, just like any other technology device you use, must be updated and maintained to avoid being hijacked. Website developers sell templates, this makes it very easy to create a website. When vulnerabilities are discovered in the design of the site or one of the plug-ins, updates are pushed out. It is so important that you have a webmaster that stays on top of this! How would you feel if your website was used to infect your web traffic? Image how embarrassing it would be if your patients got a virus or malware from your website?

That brings us to another very important issue when it comes to healthcare; remote users. Home computers are more likely to be infected, in fact 68% of infections were on consumer computers. Are your employees using their own computers at home to access patient data? Was the RDP set up properly? Are the devices properly maintained by an IT professional? Do employees bring their devices from home into your office? Do your employees use their smartphones to connect to your WiFi? These are all areas that need to be reviewed and addressed to ensure your data is not at risk. This is not about restricting employees computer usage because the employer is being unreasonable. This all about protecting your organization from cyber attacks and protecting patient data.

Well educated employees are your best asset and together with proper security you can protect your organization from a data breach. The average data breach cost is $3.8 million and healthcare being one of highest at $380 per patient record. Keep in mind, if you can’t determine which patient records were breached, they are all considered to be breached and are included in the process. Between the cost of the breach and loss of confidence most organizations do not survive past 1 year after a breach.

Our business partner is nationally known and has mitigated some of the largest data breaches. They work with your IT professional to secure your network BEFORE you suffer a data breach. Let us know if you would like a quote on a network security audit.

To find out more about how our automated HIPAA compliance platform can help your organization click here:

Or to schedule a demo click the contact us tab and scroll down.

“Simplifying HIPAA through Automation, Education, and Support”


About Suze Shaffer

Suze Shaffer is the owner and president of Aris Medical Solutions. She specializes in HIPAA compliance, risk management, and cyber security. She believes that by educating her clients in understanding why and what needs to be done to protect their practice they have a better outcome.

Suze has been instrumental in helping clients nationwide with risk management, implementing privacy and security rule policies and procedures, and ultimately protecting patient data. She includes state and federal regulatory requirements to ensure clients are protected in all areas.

She has spoken at numerous conferences and functions. She continues to educate organizations how to minimize the risks of data breaches. HIPAA compliance is not an option, it is mandatory for every organization that comes in contact with protected health information to have reasonable and appropriate security measures in place. Unfortunately, most organizations don’t realize they are not compliant until they suffer a data breach or they are faced with an audit or investigation.

Did you know that the Office for Civil Rights (OCR) is the agency that investigates data breaches? Have you seen the heavy fines that have been imposed for non-compliance?

All 50 states now have their own set of privacy laws and the State's Attorney General may also investigate privacy violations!

Share This HIPAA Blog

2019 HIPAA Updates

February 12, 2019

Cyber Liability Insurance – is it really necessary?

April 19, 2019
©2022 Aris Medical Solutions – HIPAA Risk Management | HIPAA Compliance Consultants | All Rights Reserved | Terms and Conditions | Privacy Policy
The content and images on this website is owned by Aris Medical Solutions and their owners. Do not copy any content or images without our consent.
Powered by Bandwise LLC