We often focus on securing our networks with antivirus, crypto prevent, malwarbytes, scanning, monitoring etc. One thing we rarely do is concentrate on physical security. Think about it. Do you have a physical plan for securing devices in your office?
Concentrate on Physical Security
When i do security assessments, the first thing we go over is the physical security. Things like door locks, server room locks, server room environments to protect the equipment, laptops in common areas, etc. Having a PC or laptop stolen is one of the most common data breaches. Not only that, having a server crash and burn is problematic as you now lost all your patient data. Let’s hope the last backup worked.
Physical security is often over looked. Leaving old equipment around that has ePHI on the hard drive is a HIPAA violation. Not locking your doors for desktop and servers is also a violation. Per HIPAA, you MUST be able to protect ePHI and it goes beyond loading tools onto the system. You really want to concentrate on physical security as well at the health of your device.
Printers, Faxes and Copiers
These are the most often overlooked devices. Faxes have ePHI sitting in the tray. The fax machine is in the middle of an unlocked room. Same for the copier, and printers. These devices need to be protected against theft. They also need to be protected from strangers being able to walk in and pull paper off the fax and printer. You need to make sure your printers, faxes and copiers are physically secured.
Give it some thought. What do you have in your office that if someone steals it, you are in trouble. Once you have defined those devices, lock them down physically as well at with monitoring software. It’s almost like double protection!
