Broomfield Skilled Nursing and Rehabilitation Center, which is now called Adara Living, was the victim of a cybersecurity breach in 2021. According to the news report by CBS News Colorado, the company has been levied a significant fine and needs to upgrade its systems.
According to the article, the company had two email accounts without multifactor authentication that contained tens of thousands of emails with personally identifiable information dating back to 2016.
Additionally, they had no paper and electronic data disposal policy or incident response plan.
The fact of the matter is that every single business in Colorado has a responsibility to increase security and protect the information that it holds. Certainly, industries in the medical and financial sectors hold more, but each one of us has personally identifiable information, whether it be SSNs and bank account numbers for our employees or information regarding the clients we serve.
How Can You Protect Your Organization?
Get a Cyber Security Risk Assessment. Whether you have an internal I.T. department or an outsourced I.T. resource, this needs to be at the top of your list of things to do. An independent Risk Assessment will give you valuable information about where your risk lies. It could be data being saved somewhere it shouldn’t be, reused passwords, or a lack of processes in the organization regarding financial matters.
Enable and Enforce Multi-Factor Authentication. MFA adds an extra layer of protection by requiring users to give two or more pieces of information before granting access. But in the case of the nursing home, it was not enforced across the board. Make sure your I.T. department is regularly confirming compliance.
Educate. Educate. Educate. This is a team sport. You must regularly ensure that you and your team are educated. Have your I.T. team offer regular training on phishing, social engineering, malware, and artificial intelligence. Your team must know how to respond to various threats and risks.
Safeguard Everything. Whether your team works out of an office or remotely, make sure that you secure the environment. This is especially important for your team members who work remotely, as they can pose the greatest risk to your business.
Back It Up. To prevent loss in the event of an online attack, you must have backups. It is imperative that all backups are automated, encrypted, and stored off site. Make sure your I.T. team is regularly testing your backups to ensure they are available when you need them.
Trust No One. All businesses should be running under a Zero-Trust model. This means that no one inside or outside the network should be trusted. Each user, each device, needs to be verified and authenticated before being granted access.
Monitor and Respond. You must have a fully built-out monitoring system to be able to respond to incidents in real time. You need the ability to identify unusual activity and threats. Your incident response plan will allow you to recover quickly and mitigate the damage.
As in the case of Broomfield Skilled Nursing and Rehabilitation, a cybersecurity incident can be devastating to a business, its clients, and its team members. It can bring reputational damage, financial losses, and consequences from local government entities. Being proactive will save both time and money.