Five Easy Healthcare Cybersecurity Tips From EHR Developers

By the EHRA Privacy & Security Workgroup

FIVE SIMPLE HEALTHCARE CYBERSECURITY TIPSWhether you work for a large health system or small physician practice, you know that securing your patients’ data is important, and it’s a responsibility you take seriously. But chances are, you haven’t fully implemented as many cybersecurity best practices as you could.

In a recent threats report, McAfee Labs wrote, “In 2017 the health care sector experienced a 210% increase in publicly disclosed security incidents compared with 2016… [E]xperts concluded that many of the incidents were caused by failures to comply with security best practices or to address vulnerabilities in medical software.”

The bad news is, you’re at risk not only from criminals and vandals who target vulnerabilities in healthcare organizations’ data security measures, but from carelessness and errors in judgement by well-meaning staff.

The good news is that many best practices in cyber-hygiene are straightforward and uncomplicated to implement. Check this list against your own organization’s cybersecurity practices, and make a plan to implement the missing pieces as soon as possible.


Train all team members who have access to protected health information. Every new hire should be formally trained on data security practices, and why each rule is so important. Regular refresher training should also be required.


Make sure staff members understand and utilize good password protocol:

  • DO use different passwords for different sites.
  • DON’T use personal names, dates, or other personal information as passwords.
  • DO choose longer, easy to remember passphrases.
  • DON’T share passwords.
  • DO sign out before walking away from a terminal, even if just for a minute.
  • DON’T write down login and password information on sticky notes or other places where others could find them.

Click here for more best password practices.


Older versions may have vulnerabilities that malicious hackers will quickly take advantage of. Enable automatic updates, and/or when your computer notifies you that an update is available, make it a priority to install the same day to better protect your data.


Keep up with browser updates, carefully monitor how staff are using browser plug-ins and extensions, and install popup blockers.


Many security breaches happen due to a lost cell phone, tablet, laptop, or USB drive. Encrypt these devices and all other removable media, including backup tapes and drives, to keep data secure. Learn more here.

HIMSS created an infographic highlighting these and other best cybersecurity practices for healthcare organizations.

As we wrote in an earlier blog post, “Privacy and security are two separate yet integral parts of any cybersecurity framework; they have many overlaps and often, particularly in healthcare, we can’t talk about security without also talking about privacy.”

Reach out to your EHR vendor for assistance in your efforts to raise the bar on your organization’s security practices. Government resources include:

  • The Office of the National Coordinator for Health IT offers information about how to perform health IT security assessments.
  • The Department of Health and Human Services offers a variety of resources and cybersecurity guidance for healthcare organizations.
  • The National Institute of Standards & Technology (NIST) has created a voluntary cybersecurity framework that consists of standards, guidelines, and best practices for organizations to manage cybersecurity-related risk. 
  • The Department of Homeland Security provides resources and materials to support industry cybersecurity efforts.
Leave a comment


  1. Formdox Technology

     /  April 15, 2019

    Nice for Healthcare Cybersecurity Tips From EHR Developers


  1. Ransomware: Lessons from the Front Lines | EHRA Blog
  2. Strategic Healthcare Leaders Recognize Cybersecurity As A Patient Safety Risk | EHRA Blog

Share your thoughts on this topic!

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • Categories

  • Follow EHRA on Twitter

  • Enter your email address to follow this blog and receive notifications of new posts by email.

    Join 183 other subscribers
  • Contact Us

    Kasey Nicholoff
    staff @

    Amanda Patanow
    Communications and Media
    ehracomms @
%d bloggers like this: