“Many companies were caught unprepared when cities and states issued mandatory stay-at-home rules,” Barbara Rembiesa, president and CEO of IAITAM, said in the press release. “Now, the rubber is going to meet the road when those companies, which are struggling not to be crippled by COVID-19, try to keep the cash flowing by having employees at home call or email for credit card information, print out invoices on untracked home computers and send them out on personal Wi-Fi networks. This opens up the potential for breaches and fraud on a scale never before seen.”
Many employees are not equipped to use at-home computers and other BYOD (bring your own device) equipment that handles sensitive data such as credit card numbers. This may cause breaches of personally identifiable information (PII).
While many staff are considered essential, healthcare organizations are sending many of their revenue cycle management and other administrative staff home to work remotely.
Companies are prepping their health IT infrastructure to provide employees with remote work tools as they anticipate shortages due to the pandemic.
One step many organizations are taking is repurposing old computer systems to tackle potential shortages among remote workers. This frees up cash flow to support revenue disruptions or contingency plans.
LogMeIn began offering services for organizations, starting last week. One of the efforts included free emergency remote work kits for healthcare providers, educational institutions, municipalities, and non-profit organizations.
The kits include solutions for meetings, video conferencing, webinars, and virtual events. Additionally, LogMeIn started a resource center with tips and best practices on how to enhance efforts in remote workspaces.
The move to remote working is an extra precaution, ensuring non-essential staff are not exposed to the novel coronavirus at work. However, the move is still presenting challenges as the first major billing cycle approaches.
Billing information always contains PII and is especially subject to data privacy regulations. Assets used at home must abide by internal policies and external regulations that govern billing information.
IAITAM stated that policy and procedures must be in place and enforced, especially on a remote basis, to protect data and the integrity of an organization.
Payment Card Industry (PCI) Data Security Standard compliance ensures that outside companies are not able to track credit card numbers or duplicate them without appropriate masking. Under these terms, printing an invoice or taking a credit card payment over the phone could be considered a data breach, the organization highlighted.
Education, finance, and healthcare sectors also have separate considerations. For example, all businesses that handle data from European citizens are subject to GDPR enforcement and non-compliance fines. IAITAM encourages individuals to consult with an IT Asset Management professional who can guide them to the appropriate steps for their respective situation.
“It is no longer business as usual. ‘Stay-at-home’ orders ensure that secure payments and billing procedures are nearly impossible. Remote employees are not trained on data privacy regulation and risk exposing sensitive information to a data breach. Without proper IT Asset Management, there are major dangers that must be mitigated. It is not too late for CEOs and others in charge of companies to take steps to get these risks under control and to protect their data and that of their customers,” Rembiesa concluded.