The Department of Defense (DoD) Office of Inspector General (OIG) released a special report for heads of several Federal agencies on “lessons learned” for protecting patient data during the COVID-19 coronavirus pandemic.
The April 23 report from Carol Gorman, assistant inspector general for audit of cybersecurity operations at DoD OIG, reviews several reports from the OIG and the Government Accountability Office and suggests best practices for internal and external cybersecurity when dealing with patient health information.
“As medical facilities manage the increased demands associated with administering patient care during the COVID-19 pandemic, medical administrators should seek to ensure that they also identify and mitigate cybersecurity risks and threats posed by malicious actors attempting to take advantage of the Nation’s focus on caring for the sick,” the report asserts.
The report asks healthcare providers, CIOs, and network administrators to implement security measures that decrease the risk of unauthorized access to patient information, external threats that could exploit weaknesses, and internal threats that could compromise network security.
Some of the systematic weaknesses that Gorman detailed in the report relate to the use of multifactor authentication, the use of strong passwords, the identification of suspicious activity, and the implementation of adequate security measures. In total, the report outlines eight cybersecurity best practices to overcome the identified weaknesses:
- Use multifactor authentication;
- Use strong passwords;
- Identify and mitigate network vulnerabilities;
- Encrypt patient health information;
- Limit access to patient health information;
- Configure systems to lock automatically;
- Review user activity; and
- Implement physical safeguards to protect patient health information.