Hackers Don’t Take Holidays

In the December 2017 Office for Civil Rights (OCR) Cybersecurity Newsletter, the OCR outlines different safeguards covered entities and business associates can implement to help protect private information from hackers this holiday season.

The December Newsletter focused on the fact that many people may be traveling for the holidays and that changes the way that people think, or maybe don’t think, about cybersecurity. Last month, the OCR provided guidance on mobile devices, highlighting how vulnerable they can be.

Some important safeguards and protective steps include using the power adapters and cords that come with the mobile devices.  The OCR stated that “thieves may install malware onto hotel lamps, airport kiosks and other public USB charging stations.”  If you must use an unknown charging cable, power your device off first.

Ensuring updates and patches are installed properly is another step to take before traveling.  This will ensure that your device has the most advanced protection possible before traveling.  Also, ensuring all important files are backed up before traveling will help you in the event your device is lost or stolen.  Make sure those backups are stored securely and consider encrypting them as well.

The OCR also suggested changing passwords and using multi-factor authentication.  Then when you return home, you should change your password again.  If your device has a lock setting, now is the time to set it up.  This might require a passcode or phrase to access the device, or even something more advanced like your fingerprint.

One of the biggest things you can do to protect your devices is to avoid public networks as much as possible.  You can go into the settings of your devices and disable the automatic connection to WiFi and Bluetooth.

Another thing to think about is not sharing pictures and messages on social media that you are out of town.  For smaller doctor’s and dentist’s offices that shut down during the holidays, this can be the perfect time for a thief to break into your offices and steal protected health information (PHI) when their intention is most likely to steal valuable electronic devices.

Finally, the OCR reminds covered entities and business associates that if devices are used during travel, it must be included in a risk assessment.


To learn more methods for protecting private information and devices from hackers, join HIPAAgps today.