It’s debatable whether it’s safer to keep all your sensitive data in one large system (thereby putting it all at risk in the event of a single breach) vs maintaining a cluster of smaller systems (in which case the risk is multiplied, but the loss of data might not be so great). The answer could depend on the size and scope of your operation, so in many cases it makes sense to engage a cybersecurity expert to ensure your safeguards are sufficient for your needs. A recent event at University Medical Center in Las Vegas can serve as a cautionary tale in this regard. Images of patient driver’s licenses and other government-issued identification cards and numbers (but no medical information) turned up on the website of a hacking group known to law enforcement recently, with the source of that information traced back to the hospital. Whether the group’s intent was to hold the information “hostage” or simply to demonstrate its prowess isn’t clear. However, as noted in an article on the American Medical Association’s website, the Health Insurance Portability and Accountability Act’s Security requires healthcare entities to employ “appropriate administrative, physical and technical safeguards to ensure the confidentiality, integrity and security” of patient information. The consequences of failing to do so can be severe. JUCM has covered this issue in depth. A good article to start with if you’re unsure of your own capabilities in this area would be Education Is Key to Avoiding Increasingly Sophisticated Cyber Crime.
Not Sure You’re Up to Date on Cybersecurity? You’d Better Figure It Out Before Hackers Do