OCR’s Cybersecurity Tips for Travelling Healthcare Professionals

In its newsletter issued last December, the U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) gave travelling healthcare professionals recommendations for avoiding malware infections and potential exposure of patients’ protected health information. Healthcare professionals who travel during the holidays may take work-issued devices, such as laptops, tablets and mobile phones, with them. Connecting those devices to the internet at cafes, hotels and other Wi-Fi access points, or even charging them at public USB charging points, can lead to a malware infection. The infection can in turn result in data exposure, theft of login credentials, a data breach and the spread of the malware to your organization’s network.

HIPAA-covered entities and business associates need to analyze the vulnerabilities and risks that could lead to data breaches. This analysis should include the risks that come with traveling healthcare professionals. OCR issued the following best practices to help traveling healthcare professionals manage the risks of taking work-issued devices outside the protection of a secured network.

1. Don’t take work-issued portable devices with you when you travel. Leave them at home or in the office.

2. Make sure that all portable devices are patched. Update all software, operating systems and mobile apps.

3. Use strong passwords with more than 10 characters combining numbers, symbols and letters (upper and lower case). If possible, use multi-factor authentication.

4. Activate security options on mobile phones such as fingerprint readers. In case of loss or theft, this can prevent account access and give you enough time to change passwords and secure the account.

5. Encrypt all sensitive data on laptop computers to prevent access in case of theft or loss. If the data is not necessary, remove it from the portable device.

6. Have multiple backups of data. Store one copy in the cloud and another copy on another device. This will make data restoration easy in case of a ransomware attack, loss or theft of the portable device.

7. Don’t use public USB charging points. Bring a portable charger, power cord and adaptor to charge your device. If it’s necessary to use public charging ports, power down devices before connecting.

8. Don’t connect to public Wi-Fi networks. When traveling, connect your device to the internet via a VPN.

9. Disable automatic connectivity of a device to Wi-Fi networks and Bluetooth.

10. Use a different PIN for each device.

11. Take the portable device with you if you can’t lock it in a safe place in the hotel. Don’t pack it in checked luggage. Keep it in your carry-on.

12. Don’t use geolocation services on your social media accounts. Don’t post your travel photos until you return home. These can tell thieves that you are not at home.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter at https://x.com/JamesKeoghHIPAA and contact James on LinkedIn at https://www.linkedin.com/in/james-keogh-89023681