Laws of HIPAA Cybersecurity

Back in January, I read an article in Forbes titled The Five Laws Of Cybersecurity. When reading it, I realized that it was a great message to our listeners, but it needed a HIPAA flavor added to it. In this episode, we add our thoughts to this article and turn it into 5 Laws of HIPAA Cybersecurity.

HIPAA For MSPs by David Sims 5 Laws of HIPAA Cybersecurity

The concepts in the list published by Nick Espinosa on Forbes apply to all areas of cybersecurity. Adding in the HIPAA requirements only brings home the importance of security safeguards.

1: If There Is A Weakness, It Will Be Exploited By Someone

In the article, Nick made a great point:

“Consider for a moment that when the first bank was conceived and built, there was at least one person out there who wanted to rob it.”

It is a great analogy, much like what Willie Sutton said when asked why he robs banks: “because that is where the money is.”

2: Everything Has Some Sort Of Weakness

Assuming that you have everything locked down is usually the first failure of a cybersecurity program. Whether the attitude is due to arrogance or ignorance is irrelevant. Once you assume you don’t have any vulnerabilities, that assumption is your biggest vulnerability, and it will be used against you.

Having proper policies and procedures in place can help protect your data and your network, but they do not make it impenetrable. Just as the Titanic was an “unsinkable” ship, you have weaknesses in your defenses somewhere.

As mentioned in the Forbes article:  “From minor to major vulnerabilities, Law No. 2 is inescapable.”

3: Humans Trust Even When They Shouldn’t

As humans, most of us want to help others.  It is a basic tenet of working in healthcare that you must be interested in helping others.  Well, at least for many of us, it is a part of who we are and why we also get in trouble.

Insider issues, which we have discussed frequently on this show, make it clear that trust is both a virtue and a curse for us. In the Forbes article, he made a great point when he said that our trusting nature makes us fall for things:

“People fall for phishing scams, assume that the anti-virus program they bought for $20 will turn their computer into Fort Knox or believe the form they’re filling out is legit”

4: With Innovation Comes Opportunities for Exploitation

The point made here makes even more sense when you look at the extensive changes and innovation taking place in healthcare every day.  The pace is overwhelming in some cases.  The idea that you are saving lives or making lives better means that many people are driven to innovate.  Opening up your network to a new tool or feature means you may be opening it to attacks.

5: When In Doubt, See Law #1

So much of what we do relies on technology these days. We can’t function in business without it. How we connect with each other and with information has instantly become almost a handicap for some of us. Never assume that you have nothing that matters or no need to worry about security. If we do not remain vigilant and diligent, we will be defeated in the daily cyberwar. Thinking like your adversary is how you win many battles, and that is where we are today. We can never let our guard down.

The 5 Laws of HIPAA Cybersecurity are a reminder of the mindset that we need to keep our data secured. If we venture outside these laws and forget them, we will likely pay the price for a security incident.