Skip To Navigation Skip To Content Skip To Footer
    Insight Article
    Home > Articles > Article
    Generic profile image
    MGMA Staff Members

    According to Andrew Jahnke, founder and chief technologist for managed IT and custom cloud service provider RainTech, there is no such thing as being “too small” to be a target for hackers.

    All healthcare organizations are susceptible to cyberattackers seeking to exploit weaknesses in the security of a computer network.

    Ultimately, preventing a cyberattack is much less expensive than reacting to a hack or breach, which is why Jahnke recommends a thorough assessment of your organization’s cybersecurity to get a baseline for the current level of readiness and identify areas for improvement.

    This list offers a detailed collection of key areas that medical practice leaders should examine to be prepared for a possible cyberattack.

    Cybersecurity assessment

    Number of users _________________________________
    Number of workstations ___________________________
    Number of physical servers ________________________
    Number of virtual servers _________________________
    Number of locations ______________________________

    Endpoint protection

    Antivirus Brand: _________________________________

    • Installed on all workstations?
    • Installed on all servers?
    • Are definitions monitored for automatic updates?
    • Do infections automatically produce alerts?
    • Does someone respond automatically?
    • Does it have a web browser plug-in and classify search results?
    • Does it provide sandboxing for executables?
    • Can IT provide a recent status and threat report?

    What is the next renewal date? ____________________

    Network protection

    Firewall make/model: ____________________________

    • Is the firmware up-to-date?
    • Is packet inspection enabled? 
    • Does it have intrusion prevention enabled?
    • Does it use a sandbox solution for downloaded files?
    • Does it have antivirus scanning enabled?
    • Does it have anti-spyware scanning enabled?
    • Does it have flood protection enabled?
    • Does it have Geo-IP blocking enabled?
    • Does it look for and filter botnet traffic?
    • Does it have a web content filter enabled?
    • Are internet-facing servers protected from brute force attacks?
    • Can IT provide a recent status and threat report?
    • Are guest networks completely isolated from the business network?
    • Is internet usage monitored?

    What is the next renewal date? ____________________

    Email protection

    Email filtration product: ___________________________

    • Is email encryption available?
    • Are filtration rules administered by IT?
    • Are executable attachments blocked by default?
    • Are links re-written and scanned when accessed?
    • Are artificial intelligence (AI) and heuristics used to stop spoofed email?
    • Is outbound mail scanned, or only inbound?
    • Are data loss prevention filters in place for outbound email?


    How is the SPF record configured? ____________________________________________________

    Network administration/management

    List any users who have local administrative permissions on their computers:  ___________________

    • Is user account control enabled on all workstations?
    • Are all users’ passwords set to expire automatically?
    • Are password length and complexity required?
    • Are accounts locked out after multiple unsuccessful login attempts?
    • Are screensavers engaged automatically after inactivity?
    • Is multifactor authentication used?
    • Is patching managed and monitored on all workstations and servers?
    • Are non-user account passwords stored in a secure location?
    • Are non-user accounts documented for use?
    • Do all accounts follow principle of least privilege?

    User instruction/policies and procedures

    • Do you have an acceptable use policy for organizational computers?
    • Are users given security awareness training?
    • Are users sent phishing messages to find out who needs additional training?
    • Are risk assessments conducted at least annually?
    • Has a remediation plan been produced?

    Backup/disaster recovery


    How often are backups taken? ___________________________

    How long are backups retained? _________________________

    • Is there a written policy for disaster recovery/mitigation?
    • Are backups “air gapped” from potentially infected workstations?
    • Do backups go offsite automatically?
    • Do failed backups produce alerts?
    • Are backups tested periodically?

    Advanced security measures

    • Do you have/utilize a security operations center (SOC) that monitors 24/7?
    • Do you utilize a security information event management (SIEM) system?
    • Is host-based intrusion detection in place?
    • Is network-based intrusion detection in place?
    • Are servers monitored for ransomware-like activity?
    • Are monitors in place for administrative changes (e.g., domain admins)?
    • Are independent penetration tests performed periodically? 
    Generic profile image

    Written By

    MGMA Staff Members



    Explore Related Content

    More Insight Articles

    Ask MGMA
    Reload 🗙