Who has access to your private information? It’s a question you really can’t know with 100 percent certainty. The idea that somebody out there could know information like your full name, your email or physical address, credit card info, or even your social security number, is terrifying. While it is possible to know if your information has been part of a major leak thanks to the website haveibeenpwned.com, it’s not a perfect record. There are bound to be data breaches that either haven’t been reported, discovered, or affect such a small amount of people it wouldn’t make the news.

One of the most vulnerable areas of data is in the healthcare industry. It’s currently on the rise, affecting 29 million patients that we’re aware of. Many data breaches go undetected for years if the criminals cleaned up any evidence they were there. Because the healthcare industry deals with tons of sensitive information, from health conditions to social security numbers, it needs better security.

Better Training for Healthcare Professionals

Many data breaches and cyber attacks can be prevented if those involved follow proper cybersecurity habits. Far too many hacks and leaks happen because a staff member chose a weak password or accessed information from an unsecured computer. Everybody involved with healthcare data needs better training so as to prevent easy access to information.

What Makes a Good Password

The more nonsensical and complex a password is, the less likely a hacker can get it. While the days of people having their password being “1234” or “PasswordsSuck” are hopefully behind us, most people still don’t have very strong passwords. Many bad habits include having your password be a childhood nickname or pet, using only a single unique number or character (the number 1 is the most popular), using the same password you came up with when you were 14 for everything, and including any part of your name or birth year. Healthcare professionals need to create a fully unique and complex password for both the computer and software used to access private data. That’s two different passwords, making both your computer and account doubly secure. While this is a pain at first, just spend 30 minutes logging in and out of the account, letting your fingers create muscle memory for the password. Then, instead of worrying about remembering the password, your fingers will do the work for you.

Avoiding Strange USBs and Email Attachments

Many healthcare records, especially for hospitals, are stored on a private server only accessible through their own intranet. If a cybercriminal is wanting to get a hold of that information, they’ll need to gain control of a computer connected to that intranet. Two very popular ways of doing this are loading malware on either a USB or in an email and getting it into a computer connected to the network. Proper training would include teaching administrators and professionals on how to treat suspicious emails and USB drives. This should also include policies for healthcare workers on keeping secure USBs and how to request a new one instead of just digging around a desk drawer and using whatever they can find. It’s not just USBs they need to watch out for though, it’s also their phones. A hacker could infect a phone with malware that not only could lead to a data breach, but also cause the phone’s battery to drain quickly. Then, the healthcare worker notices their battery dying, and just like everybody else in the world, panics and tries to find a way to charge it back up. Then, they plug the phone into the computer, and boom, the data is breached.

The Big Data Revolution is Making it Harder

As the big data trend continues to grow, the risk of data breaches rises with it. That’s information that more people can access, leading to more opportunities for criminals to get their hands on sensitive information. While big data can be extremely useful for things like medical mapping or assisting with the latest in medical technology, it needs to be done properly. Anytime data is submitted for a big data project, the most sensitive information needs to be scrubbed from it. Names, exact addresses, social security, and anything that could be used to identify a person needs to be redacted.

Then, those handling the big data need to comply with HIPAA guidelines and follow with the latest in data security. That means strong passwords, stronger firewalls, and quality security software. It’s everybody’s job in healthcare to protect their patient’s information. From the secretary who schedules to the busiest of doctors, anybody who has access to private data needs to be properly trained and make sure their devices are secured.