Fortifying the Digital Front Lines: An In-Depth Guide to Hospital Cybersecurity

Alright, let’s chat about something incredibly vital, something that keeps a lot of us in the healthcare and tech sectors up at night: cybersecurity in hospitals. In today’s hyper-connected world, hospitals aren’t just beacons of healing; they’re also prime targets for cybercriminals. Why? Because they hold a treasure trove of sensitive patient information – think financial details, personal identifiers, and, of course, deeply private health records. The Health Insurance Portability and Accountability Act (HIPAA) isn’t just a suggestion; it’s a stringent mandate for data protection. So, it’s not just a good idea for healthcare institutions to really beef up their cybersecurity practices; it’s absolutely imperative, a moral obligation even.

Failing to protect this data isn’t just a legal headache; it erodes patient trust, disrupts critical care, and can lead to staggering financial penalties. It’s a complex landscape, sure, but with a structured approach, we can build robust defenses. Let’s dive into some actionable strategies.

Safeguard patient information with TrueNASs self-healing data technology.

Building a Resilient Digital Fortress: Key Strategies

1. Cultivate a Security-Focused Culture

You know, the best tech in the world won’t save you if your people aren’t on board. A hospital’s security posture, in my view, truly begins and ends with its staff. It’s not just IT’s job, you see; it’s everyone’s. Leadership plays a pivotal role here, setting the tone from the very top. They must emphasize the critical importance of data protection, not just as a compliance checkbox, but as a core value tied directly to patient safety and trust. This isn’t a one-and-done training session, either. We’re talking about providing regular, engaging, and relevant training. Imagine a scenario where a staff member, perhaps a busy nurse, is rushing between patients and sees a suspicious email. Will they just click it out of habit, or will that security training kick in? That’s the difference a strong culture makes.

Take the case of a large hospital system I heard about in Chicago. They weren’t just doing annual slideshows; they implemented monthly security workshops for all employees, from doctors to administrative staff to janitorial teams. They made it interactive, with gamified phishing simulations and ‘spot the red flag’ quizzes. The result? A remarkable 30% reduction in data breaches in the subsequent year. It wasn’t magic; it was consistent education empowering their human firewall. When people understand the ‘why’ – the direct impact on patients – they become active participants in security, not just passive recipients of rules. It fosters an environment where reporting a suspicious activity isn’t seen as tattling, but as proactively safeguarding patients, which is exactly how it should be.

2. Safeguard Mobile Devices

It’s 2024, and clinicians aren’t chained to desktops anymore. They’re zipping around with smartphones and tablets, accessing electronic health records (EHRs) right at the patient’s bedside. This convenience is a game-changer for care delivery, but, wow, it also opens up a significant attack surface. These portable powerhouses become potential entry points for unauthorized access if they aren’t properly secured. Think about it: a doctor accidentally leaves their unencrypted tablet in a taxi, or a nurse’s smartphone, loaded with hospital apps, gets compromised by malware from a personal download. Suddenly, sensitive patient data is exposed.

This is where a robust Mobile Device Management (MDM) or Enterprise Mobility Management (EMM) solution really shines. Implementing strong authentication methods beyond just a simple PIN – we’re talking multi-factor authentication (MFA) or even biometrics – is non-negotiable. Furthermore, features like remote wipe capabilities are absolutely essential. If a device goes missing, IT needs the ability to instantly erase all corporate data from it, preventing unauthorized access. Beyond that, consider secure containers for hospital applications, enforced device encryption, and strict policies around bringing your own device (BYOD) versus hospital-issued devices. We’re striving for that balance between clinical utility and ironclad security.

3. Maintain Robust Cyber Hygiene

Sometimes, the simplest things are the most overlooked, yet they’re foundational to a strong security posture. I often compare robust cyber hygiene to basic personal hygiene – you wouldn’t skip brushing your teeth for a month, would you? Similarly, in the digital realm, neglecting the basics invites trouble. Regularly updating software across all systems – from operating systems to EHR platforms and even embedded medical device firmware – is critical. Those updates aren’t just for new features; they often contain crucial security patches that close known vulnerabilities hackers are actively trying to exploit. Running outdated software is like leaving your front door unlocked with a giant ‘Welcome’ sign.

Beyond patching, it’s also about pruning. Unnecessary applications installed on hospital systems are not just clutter; they’re potential avenues for attack. If you don’t need it, uninstall it. Less software equals a smaller attack surface. And what about devices reaching their end of life? Securely wiping data from decommissioned computers, servers, and even old hard drives before disposal is absolutely paramount. A simple ‘delete’ isn’t enough; sophisticated recovery tools can easily retrieve data from poorly wiped drives. Implementing secure data sanitization techniques ensures that sensitive PHI doesn’t inadvertently end up in the wrong hands, reducing vulnerabilities that astute adversaries are always keen to exploit.

4. Deploy Firewalls Effectively

Think of firewalls as the vigilant gatekeepers of your hospital’s network. They act as essential barriers, meticulously filtering incoming and outgoing network traffic, standing between your valuable internal network and the wild, unpredictable internet. But simply having a firewall isn’t enough; it’s about deploying and configuring it effectively. We’re not just talking about the basic perimeter firewall here. Modern healthcare environments demand a layered approach, often leveraging Next-Generation Firewalls (NGFWs) that can perform deep packet inspection, intrusion prevention, and even application-level filtering. These aren’t just blocking ports; they’re understanding what applications are trying to communicate and whether that’s legitimate.

Crucially, ensuring firewalls are properly configured involves adhering to the ‘principle of least privilege.’ This means only allowing necessary traffic to pass through and blocking everything else by default. It also involves network segmentation – creating distinct, isolated zones within your network. For instance, your guest Wi-Fi shouldn’t be on the same segment as your clinical systems, nor should your imaging equipment share a segment with your billing department. Regularly reviewing and updating firewall rules is a continuous process, not a set-it-and-forget-it task. As network architecture evolves and new applications are introduced, firewall rules must adapt, ensuring they remain robust against evolving external threats and prevent unauthorized access attempts.

5. Utilize Comprehensive Anti-Virus Solutions

Malware, a catch-all term for malicious software, remains a pervasive threat, capable of infiltrating hospital systems through a myriad of channels – a dodgy email attachment, a compromised website, or even an infected USB drive. Relying solely on a basic, signature-based antivirus solution from a decade ago just won’t cut it anymore. Today, you need something far more robust, something that understands behavioral patterns and can detect novel, ‘zero-day’ threats that haven’t been cataloged yet. We’re talking about moving beyond traditional antivirus to Endpoint Detection and Response (EDR) or even Extended Detection and Response (XDR) solutions.

These advanced tools don’t just scan for known threats; they continuously monitor endpoint activity, analyze suspicious behaviors, and can automatically respond to detected threats, perhaps by isolating a compromised machine from the network. Centralized management of these solutions is key, allowing IT teams to push updates, schedule scans, and review alerts across the entire organization from a single console. Regular updates to threat definitions and the software itself are non-negotiable. Without them, your comprehensive solution quickly becomes a sieve. Furthermore, consider integrating whitelisting capabilities, which only allow approved applications to run, offering an even tighter grip on what executes on your endpoints. These layers of defense are essential for promptly detecting, neutralizing, and even preventing sophisticated malware attacks.

6. Implement Regular Data Backups

Let me be blunt: if you aren’t regularly backing up your data, you’re playing Russian roulette with patient lives and your hospital’s entire operation. In the harrowing event of a major cyberattack – especially a ransomware incident – or a catastrophic system failure, having up-to-date, tested backups isn’t just a good idea; it’s your absolute lifeline. It ensures that critical patient data, operational systems, and administrative records remain accessible and recoverable, allowing your hospital to resume normal operations with minimal disruption. Imagine being unable to access patient allergies, medication histories, or even scheduled surgeries – the consequences are unthinkable.

But it’s not just about having backups; it’s about having reliable backups. I can’t stress this enough: test your backups regularly! A backup that fails when you need it most is worse than no backup at all because it gives a false sense of security. Follow the ‘3-2-1 rule’: maintain at least three copies of your data, store them on two different types of media, and keep one copy offsite or in a geographically separate location. Crucially, at least one backup should be immutable or offline, disconnected from the network, to protect against sophisticated ransomware that tries to encrypt or delete backups. Encrypting these backups, both in transit and at rest, adds another critical layer of protection. This proactive approach makes the difference between a minor incident and a debilitating crisis.

7. Enforce Strict Access Controls

In a hospital, a staggering number of people need access to a lot of information, but not everyone needs access to all information. This is where strict access controls become your best friend. The core principle here is the ‘Principle of Least Privilege’ (PoLP) – simply put, users should only have the minimum level of access necessary to perform their job functions, and nothing more. A receptionist, for instance, doesn’t need access to patient surgical notes, and a surgeon doesn’t typically need access to the hospital’s payroll database. Limiting access to protected health information (PHI) solely to authorized personnel dramatically minimizes the risk of internal data breaches, whether malicious or accidental.

Implementing Role-Based Access Control (RBAC) is an effective way to manage this complexity, assigning permissions based on job roles rather than individual users. When a new employee joins, you simply assign them a predefined role, and they automatically get the appropriate access rights. Similarly, when someone leaves or changes roles, their access can be swiftly updated or revoked. Regular audits of access permissions are absolutely vital to identify and rectify unauthorized access points or ‘stale’ accounts that might have accumulated unnecessary privileges over time. It’s a continuous process, ensuring that your digital doors are only open to those who truly need to walk through them.

8. Strengthen Authentication Mechanisms

Passwords, bless their hearts, are often the weakest link in the security chain. We’ve all been guilty of using ‘Password123!’ or our pet’s name at some point, haven’t we? But in a healthcare setting, weak authentication mechanisms are an open invitation for trouble. Employing complex, unique passwords, enforced through robust password policies (think length requirements, character variety, and avoiding dictionary words), is a fundamental start. However, relying solely on passwords in today’s threat landscape is like securing your mansion with just a single padlock.

This is why multi-factor authentication (MFA) is no longer a luxury; it’s a security bedrock. MFA requires users to provide two or more verification factors to gain access, drastically raising the bar for attackers. This could be ‘something you know’ (like a password), ‘something you have’ (like a token or an authenticator app on your phone), and ‘something you are’ (like a fingerprint or facial scan). Imagine a scenario where a hacker steals a password; without the second factor, they still can’t get in. Implementing MFA for all critical systems, remote access, and even EHR logins adds layers of security that make unauthorized access significantly more challenging. It’s an inconvenience, perhaps, but a necessary one to protect patient data.

9. Restrict Network Access

Wireless networks offer incredible convenience, allowing clinicians and staff to move freely while staying connected. Yet, this very convenience can become a major vulnerability if not properly secured. An unsecured Wi-Fi network is essentially an open door to your hospital’s internal systems. You wouldn’t leave your physical doors unlocked, so why would you leave your digital ones? Implementing strong encryption protocols, like WPA3, for all hospital Wi-Fi networks is a foundational requirement. Beyond that, it’s crucial to segregate network traffic.

Guest Wi-Fi, for instance, should be entirely separate from your clinical network, perhaps even isolated to its own internet connection, preventing visitors from inadvertently or maliciously gaining access to sensitive systems. Furthermore, Network Access Control (NAC) solutions can be deployed to authenticate and authorize every device attempting to connect to the network, ensuring only trusted and compliant devices gain access. Monitoring network traffic for unusual patterns – large data transfers at odd hours, or devices trying to access unauthorized segments – can help identify and prevent unauthorized access attempts early. This diligent oversight ensures your digital highways are safe, not just fast.

10. Secure Physical Access to Devices

In our rush to secure the digital realm, we sometimes overlook the fundamental reality that physical security is the first line of defense. An unauthorized individual gaining physical access to devices like laptops, desktop computers, servers, or even seemingly innocuous USB drives can lead to a devastating data breach, often bypassing elaborate software safeguards. Picture a janitor discovering an unsecured laptop left on a counter in an empty office overnight – it’s an easy grab. Or a lost, unencrypted USB stick containing patient data being picked up by a stranger.

This necessitates a multi-pronged approach. Firstly, secure storage is paramount. Laptops, tablets, and particularly sensitive hard drives should be stored in locked cabinets or drawers when not in use, especially outside working hours. Implementing a ‘clean desk’ policy can help too, ensuring no sensitive papers or removable media are left out. Secondly, restrict the use of personal USB drives or external hard drives; if they must be used, enforce strong encryption and scanning policies. Perhaps most importantly, critical devices, like servers hosting EHRs, should reside in secure data centers or server rooms with restricted access, biometric scanners, and continuous surveillance. We need to remember that sometimes, the simplest methods of theft are the most effective, making physical security a non-negotiable component of our overall cybersecurity strategy.

11. Provide Comprehensive Staff Training

I can’t emphasize this enough: staff are your strongest defense or your weakest link. Generic, once-a-year security awareness training that feels like an obligation rather than an education just won’t cut it. To truly safeguard patient data, hospitals must provide comprehensive, ongoing training that goes beyond basic reminders. It needs to be engaging, scenario-based, and tailored to different roles within the organization.

Think about it: the specific risks a clinician faces (e.g., securing mobile devices, understanding telehealth privacy) are different from those an IT administrator faces (e.g., identifying spear-phishing attempts, secure configuration management) or an administrative staff member (e.g., recognizing social engineering calls). Training should actively address prevalent threats like sophisticated phishing attacks, ransomware tactics, and social engineering ploys. Running regular simulated phishing campaigns, for instance, can effectively test staff readiness and identify areas where more education is needed. When someone falls for a simulated phishing email, it’s a teachable moment, not a punitive one. By continuously educating staff about potential threats and the correct data handling procedures, we significantly reduce the likelihood of human error leading to security incidents. It empowers everyone to be a vigilant guardian of patient information.

12. Implement Data Usage Controls

Controlling access to data is one thing, but controlling how that data is used, accessed, and shared once someone has access is a whole other ball game. This is where implementing robust data usage controls becomes critical. These aren’t about stopping legitimate work; they’re about preventing unauthorized dissemination or accidental exposure of sensitive protected health information (PHI).

Data Loss Prevention (DLP) solutions are incredibly powerful here. These tools can monitor, detect, and block sensitive data from leaving the hospital’s network or being used in non-compliant ways. For instance, a DLP system could prevent an employee from emailing a spreadsheet containing unencrypted patient identifiers to a personal email account, or from copying large amounts of PHI onto an unauthorized USB drive. It can also restrict printing of sensitive documents, automatically encrypt emails containing PHI, and even prevent specific applications from accessing certain types of data. Setting clear policies around data handling – for example, explicitly restricting the emailing of PHI unless via secure, encrypted channels – and then enforcing these with technical controls, significantly reduces the risk of both malicious exfiltration and honest mistakes. It’s about building a fence around your most valuable assets and making sure they stay within that boundary.

13. Monitor Data Access Logs

Imagine a security guard who never looks at the surveillance footage. What’s the point of having cameras then? Similarly, simply logging data access isn’t enough; you must actively monitor those logs. Every time a user accesses a patient record, every login attempt, every file modification – these actions generate digital footprints. Regularly reviewing these logs, whether manually for smaller operations or, more practically, with automated Security Information and Event Management (SIEM) systems for larger ones, is absolutely crucial. These tools collect log data from across your entire infrastructure, correlate it, and then alert you to suspicious activities.

What are you looking for? Anomalies. A user logging in at 3 AM from an unusual location. A sudden, massive download of patient files. Attempts to access records far outside a user’s typical job function. These are all red flags that warrant immediate investigation. Establishing a baseline of ‘normal’ activity helps quickly identify deviations. Early detection through diligent log monitoring allows for prompt corrective actions, potentially stopping a breach in its tracks or significantly minimizing its impact. It’s your digital forensics trail, and it provides invaluable insights into who accessed what, when, and how – invaluable intelligence for both prevention and response.

14. Encrypt Sensitive Data

Encryption is arguably one of the most powerful tools in our cybersecurity arsenal. It’s like putting your sensitive patient data into a highly secure, unbreakable safe. Even if a cybercriminal manages to bypass your other defenses and gain access to the data, if it’s encrypted, it’s utterly useless to them without the decryption key. We’re talking about encrypting data in two critical states: ‘at rest’ and ‘in transit’.

Data ‘at rest’ means information stored on servers, databases, hard drives, and mobile devices. Full-disk encryption for laptops and workstations, transparent data encryption for databases storing PHI, and encrypted storage arrays for servers are all essential measures. If a laptop is stolen, its encrypted drive ensures the data remains unreadable. Data ‘in transit’ refers to information moving across networks, whether internally within the hospital or externally to a cloud service or a third-party partner. Secure Sockets Layer (SSL)/Transport Layer Security (TLS) for web traffic, Virtual Private Networks (VPNs) for remote access, and secure email gateways are all vital for encrypting data as it travels. Robust key management strategies are equally important; securing the encryption keys themselves is paramount, as a compromised key renders all that encryption useless. Encryption provides that ultimate layer of protection, ensuring privacy even if other layers fail.

15. Manage Risks from Connected Devices

The healthcare environment is rapidly filling with a dizzying array of connected devices. We’re not just talking about traditional IT equipment anymore. There are smart infusion pumps, MRI machines, patient monitoring systems, security cameras, HVAC systems – the Internet of Medical Things (IoMT) and broader IoT are everywhere. And frankly, many of these devices weren’t designed with robust cybersecurity in mind. They often run outdated operating systems, have default or hardcoded passwords, and can be incredibly difficult to patch or update, making them prime entry points for cyber threats.

Ignoring these devices is simply asking for trouble. Hospitals must meticulously inventory every connected device, understanding its function, network connectivity, and inherent vulnerabilities. A critical strategy here is network segmentation. Place IoMT and other IoT devices on dedicated, isolated network segments (VLANs) separate from your core clinical and administrative networks. This way, even if an attacker compromises a smart thermostat, they can’t immediately pivot to your EHR system. Implementing strong access controls, monitoring device behavior for anomalies, and regularly assessing their security posture, even if it means working with vendors for secure configurations, are essential steps. These often-overlooked devices represent a growing and significant risk that demands focused attention.

16. Conduct Regular Risk Assessments

How do you know where your weaknesses are if you don’t actively look for them? Conducting regular, comprehensive risk assessments is not just a HIPAA requirement; it’s a proactive security cornerstone. These assessments are systematic evaluations of potential vulnerabilities within your hospital’s IT infrastructure, policies, and processes. They help you identify potential threats, assess the likelihood and impact of those threats, and prioritize mitigation strategies before they can be exploited by an attacker.

What does a thorough risk assessment involve? It’s typically a multi-faceted process that includes vulnerability scans to identify technical weaknesses, penetration testing (ethical hacking) to simulate real-world attacks and uncover exploitable paths, and a meticulous review of administrative and physical security controls. You’ll want to assess everything from your network architecture and server configurations to your employee training programs and incident response plans. These assessments shouldn’t be a once-a-year formality; they should be ongoing, perhaps quarterly for critical systems, and always performed whenever significant changes are made to your environment. By continuously evaluating your security posture, you can proactively address gaps, optimize your security investments, and maintain a robust defense against an ever-evolving threat landscape.

17. Assess Third-Party Security Measures

In today’s interconnected healthcare ecosystem, hospitals rarely operate in a vacuum. You partner with countless third-party vendors – cloud providers, billing services, EHR vendors, medical device manufacturers, IT support companies, even laundry services that handle uniforms. Each of these ‘business associates’ often has access to your sensitive patient data or connects to your network. And here’s the kicker: their vulnerabilities can very quickly become your vulnerabilities. A breach at a third-party vendor can be just as devastating as one originating within your own walls, as many high-profile incidents have painfully demonstrated.

This makes robust vendor risk management a non-negotiable component of your cybersecurity strategy. Before you even sign a contract, you must conduct thorough due diligence, scrutinizing their security measures. This includes reviewing their security certifications (e.g., SOC 2, ISO 27001), requesting their penetration test results, and assessing their incident response capabilities. Crucially, HIPAA mandates a Business Associate Agreement (BAA) with any vendor handling PHI, legally obligating them to protect that data. But a BAA is just a piece of paper if it’s not backed by genuine security. Ongoing monitoring, periodic re-assessments, and clear security clauses within your Service Level Agreements (SLAs) ensure that your extended ecosystem remains secure. Remember, you’re only as strong as your weakest link, and sometimes that link is outside your direct control.

18. Keep Software and Systems Updated

I know, I know, we already touched on this with cyber hygiene, but it bears repeating with much more emphasis because it’s that important. Outdated software is not just an inconvenience; it’s a gaping security hole. Every piece of software, from your operating systems and browsers to your specialized medical applications and device firmware, inevitably contains vulnerabilities. Software vendors release patches and updates specifically to fix these flaws, often in response to newly discovered exploits that hackers are actively trying to leverage. Delaying these updates, or worse, ignoring them entirely, is essentially leaving your hospital’s digital doors wide open for known threats.

Implementing a disciplined, consistent patch management policy is therefore non-negotiable. This isn’t just about clicking ‘update’ when prompted; it involves having a structured process for identifying necessary patches, testing them in a non-production environment to avoid disrupting critical systems (which is a common fear in healthcare), and then deploying them across your infrastructure in a timely manner. Endpoint management solutions can automate much of this process, ensuring all devices are up to date. Furthermore, be acutely aware of ‘end-of-life’ (EOL) software and hardware. When a vendor stops supporting a product, it no longer receives security updates, making it an increasingly dangerous liability. Proactive migration plans for EOL systems are essential to avoid becoming an easy target for opportunistic attackers. Staying current isn’t just good practice; it’s fundamental to maintaining a secure environment.

19. Develop a Robust Incident Response Plan

Hope for the best, plan for the worst. It’s an old adage, but incredibly apt for cybersecurity. No matter how many layers of defense you build, the reality is that a determined attacker might eventually find a way in. When that happens, your ability to respond swiftly and effectively will dictate the ultimate damage. This is precisely why a well-defined, robust incident response plan isn’t a luxury; it’s an absolute necessity. It’s your hospital’s blueprint for navigating the chaos of a security breach.

What should such a plan entail? It needs to cover the entire lifecycle of an incident: Preparation (defining roles, tools, contacts), Identification (detecting the breach), Containment (isolating affected systems to prevent further spread), Eradication (removing the threat), Recovery (restoring systems and data), and crucial Post-Incident Analysis (learning from the event to improve future defenses). But a plan gathering dust in a folder is useless. You must regularly conduct tabletop exercises and simulation drills, testing your team’s readiness and identifying weaknesses in the plan itself. This includes practicing communication protocols – who notifies leadership, regulators, patients, and potentially law enforcement? Involving legal counsel and having cyber insurance in place should also be part of your preparation. A swift, coordinated response can minimize downtime, limit data exposure, and preserve patient trust, turning a potential disaster into a manageable crisis.

20. Establish Remote Access Policies

The convenience of remote access for clinicians, IT staff, and even third-party vendors has become indispensable, especially in our post-pandemic world. Telemedicine, off-site administrative work, and vendor support all rely on secure remote connections. However, every remote connection is a potential entry point into your hospital’s sensitive network. Without clear, stringent remote access policies, you’re essentially leaving a back door ajar. Defining who can access hospital systems remotely, under what conditions, and using which methods is paramount.

Firstly, Virtual Private Networks (VPNs) are your foundational technology for remote access, creating encrypted tunnels that protect data in transit. But a VPN alone isn’t enough. Policies must dictate the type of devices allowed for remote access – ideally, only hospital-managed devices with up-to-date security software, rather than personal, potentially unsecured machines. Multi-factor authentication (MFA) is non-negotiable for all remote logins, adding a critical layer of defense beyond just a password. Furthermore, implementing granular access controls ensures that remote users can only access the specific systems and data required for their job function, adhering to the principle of least privilege. Regular auditing of remote access logs and sessions can help detect unusual activity, such as logins from unexpected locations or excessive data transfers. By establishing and strictly enforcing these policies, hospitals can reap the benefits of remote work without inadvertently exposing their critical systems and invaluable patient data to unnecessary risks.

Safeguarding Tomorrow’s Healthcare

In conclusion, bolstering cybersecurity in hospitals isn’t merely about ticking off compliance boxes; it’s about safeguarding patient privacy, ensuring continuity of care, and preserving the public’s trust in institutions vital to our communities. The digital threat landscape evolves constantly, demanding that our defenses evolve just as rapidly. By diligently implementing these 20 comprehensive strategies, hospitals aren’t just reacting to threats; they’re proactively building resilient, secure environments capable of protecting sensitive patient information for years to come. It’s an ongoing commitment, a marathon, not a sprint, but one that is undeniably worth every ounce of effort. Your patients, and your organization’s future, depend on it.

---

References

• Fortra. (n.d.). 20 Information Security Tips for Hospitals. Retrieved from (fortra.com)
• Fortra. (n.d.). Pharmaceutical Data Security: How to Safeguard Sensitive Information. Retrieved from (fortra.com)
• Fortra. (n.d.). Healthcare Cybersecurity: Tips for Securing Private Health Data. Retrieved from (fortra.com)
• Fortra. (n.d.). Personal Identifiable Information (PII): Tips & Strategies. Retrieved from (fortra.com)
• Fortra. (n.d.). 7 Tips to Avoid a Ransomware Attack. Retrieved from (fortra.com)