Residential care providers have reported the highest levels of staff turnover, with a third of staff leaving their roles within a twelve-month period (2019-2020).
This does not just cause a crisis in patient care; it could also contribute to a cyber incident.
What types of cyber risk could you face?
- Data breaches – where ex-employees can still access patient records
- Data compromise – whereby cybercriminals could use old accounts to gain entry to systems and potentially steal, change, or delete data
How does it usually happen?
Staff need access to patient data in order to provide effective care.
But what happens to that access when a member of staff leaves, or changes role and no longer needs the access they had previously?
If permissions are not removed, then the employee could still access this data, even after they have left the company, leading to a data breach.
This might not cause any problems if the employee never tries to access the data, but what happens if the ex-employee is disgruntled and wants to do something to bring your company into disrepute?
If that employee has weak password habits, such as using the same password across multiple sites, and that password becomes known to criminals through a data breach at a different company, then a criminal might try the same credentials on your network.
Here are 5 things you can do (to start with)
- Have a clear policy outlining what happens when a staff member leaves or changes role.
- Enable two-factor authentication (2FA) on all supported platforms.
- Have a password policy to ensure passwords are of reasonable complexity and aren’t reused.
- Log everything so you know what normal looks like and can spot any odd activity.
- Plan for disaster: it only takes one click, so have a plan for what you would do if something did happen.
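One way to check that the leaver and role-change policy is actually being followed, as an added example rather than part of the original article: a short Python script that compares an HR list against an account export and flags leaver accounts that are still enabled, logins after a leaving date, and access a current role does not need. The field names, group names and sample records are all constructed for illustration.

```python
from datetime import date

# Constructed sample data. Field names are assumptions, not from a real system.
HR_RECORDS = [
    {"staff_id": "S001", "status": "left", "effective": date(2020, 3, 31), "role": None},
    {"staff_id": "S002", "status": "active", "effective": date(2019, 6, 1), "role": "carer"},
    {"staff_id": "S003", "status": "active", "effective": date(2020, 2, 1), "role": "kitchen"},
    {"staff_id": "S004", "status": "left", "effective": date(2020, 1, 15), "role": None},
]
ACCOUNTS = [
    {"staff_id": "S001", "enabled": True, "groups": {"patient-records"}, "last_login": date(2020, 4, 20)},
    {"staff_id": "S002", "enabled": True, "groups": {"patient-records", "rota"}, "last_login": date(2020, 5, 1)},
    {"staff_id": "S003", "enabled": True, "groups": {"patient-records", "rota"}, "last_login": date(2020, 5, 1)},
    {"staff_id": "S004", "enabled": False, "groups": set(), "last_login": date(2020, 1, 10)},
    {"staff_id": "S999", "enabled": True, "groups": {"rota"}, "last_login": None},
]
# Assumed policy: the access groups each role needs.
ROLE_GROUPS = {"carer": {"patient-records", "rota"}, "kitchen": {"rota"}}


def audit(hr_records, accounts, role_groups):
    """Return (staff_id, finding) pairs for accounts that break the leaver policy."""
    hr = {rec["staff_id"]: rec for rec in hr_records}
    findings = []
    for acct in accounts:
        sid, rec = acct["staff_id"], hr.get(acct["staff_id"])
        if rec is None:
            # Nobody in HR owns this account: an old or shared login.
            if acct["enabled"]:
                findings.append((sid, "enabled account with no HR record"))
        elif rec["status"] == "left":
            if acct["enabled"]:
                findings.append((sid, "leaver account still enabled"))
            if acct["last_login"] and acct["last_login"] > rec["effective"]:
                findings.append((sid, "login after leaving date"))
        elif acct["enabled"]:
            # Current staff: flag access left over from a previous role.
            extra = acct["groups"] - role_groups.get(rec["role"], set())
            if extra:
                findings.append((sid, "access not needed for role: " + ", ".join(sorted(extra))))
    return findings


if __name__ == "__main__":
    for staff_id, finding in audit(HR_RECORDS, ACCOUNTS, ROLE_GROUPS):
        print(staff_id, "-", finding)
```

Run on a schedule against real exports, the same comparison turns the leaver policy into something you can verify rather than assume.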