Steps to stronger cybersecurity

Insight Article - February 1, 2019

Risk & Compliance

Business Operations Technology

MGMA Staff Members
According to Andrew Jahnke, founder and chief technologist for managed IT and custom cloud service provider RainTech, there is no such thing as being “too small” to be a target for hackers.

All healthcare organizations are susceptible to cyberattackers seeking to exploit weaknesses in the security of a computer network.

Ultimately, preventing a cyberattack is much less expensive than reacting to a hack or breach, which is why Jahnke recommends a thorough assessment of your organization’s cybersecurity to get a baseline for the current level of readiness and identify areas for improvement.

This list offers a detailed collection of key areas that medical practice leaders should examine to be prepared for a possible cyberattack.

Cybersecurity assessment

Number of users _________________________________
Number of workstations ___________________________
Number of physical servers ________________________
Number of virtual servers _________________________
Number of locations ______________________________

Endpoint protection

Antivirus Brand: _________________________________
  • Installed on all workstations?
  • Installed on all servers?
  • Are definitions monitored for automatic updates?
  • Do infections automatically produce alerts?
  • Does someone respond automatically?
  • Does it have a web browser plug-in and classify search results?
  • Does it provide sandboxing for executables?
  • Can IT provide a recent status and threat report?
What is the next renewal date? ____________________

Network protection

Firewall make/model: ____________________________
  • Is the firmware up-to-date?
  • Is packet inspection enabled? 
  • Does it have intrusion prevention enabled?
  • Does it use a sandbox solution for downloaded files?
  • Does it have antivirus scanning enabled?
  • Does it have anti-spyware scanning enabled?
  • Does it have flood protection enabled?
  • Does it have Geo-IP blocking enabled?
  • Does it look for and filter botnet traffic?
  • Does it have a web content filter enabled?
  • Are internet-facing servers protected from brute force attacks?
  • Can IT provide a recent status and threat report?
  • Are guest networks completely isolated from the business network?
  • Is internet usage monitored?
What is the next renewal date? ____________________

Email protection

Email filtration product: ___________________________
  • Is email encryption available?
  • Are filtration rules administered by IT?
  • Are executable attachments blocked by default?
  • Are links re-written and scanned when accessed?
  • Are artificial intelligence (AI) and heuristics used to stop spoofed email?
  • Is outbound mail scanned, or only inbound?
  • Are data loss prevention filters in place for outbound email?

How is the SPF record configured? ____________________________________________________
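The SPF question above is the one checklist item that can be answered by inspecting a single DNS TXT record. The script below is an added example, not part of the MGMA article or of RainTech's assessment: it statically checks an SPF record string against the RFC 7208 rules that most often break in practice (missing `v=spf1` tag, more than ten DNS-lookup mechanisms, a permissive `+all` or `?all` terminal, the deprecated `ptr` mechanism). The sample records and domain names are constructed; in a real assessment you would first fetch the record with `dig TXT yourdomain` and paste the result in.

```python
"""Static SPF record check (added example; not the article's or any vendor's code).

Rules encoded from RFC 7208:
  * the record must begin with "v=spf1";
  * include, a, mx, ptr, exists and redirect each cost a DNS lookup, and
    more than 10 lookups makes receivers return "permerror";
  * the terminal "all" qualifier decides the fate of unlisted senders:
    "-" fail, "~" softfail, "?" neutral, "+" pass (i.e. no protection).
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
MAX_LOOKUPS = 10

# qualifier, mechanism/modifier name, optional ":" or "=" argument, optional CIDR mask
_TERM_RE = re.compile(r"([+\-~?]?)([a-z0-9]+)(?:[:=]([^/\s]+))?(?:/\d+(?://\d+)?)?")


@dataclass
class SpfReport:
    ok: bool                          # True when no finding was raised
    all_qualifier: Optional[str]      # "-", "~", "?", "+" or None if no "all" term
    lookups: int                      # DNS-lookup mechanisms counted
    findings: List[str] = field(default_factory=list)


def parse_terms(record: str) -> List[Tuple[str, str, str]]:
    """Split a record into (qualifier, name, argument) triples, skipping the version tag."""
    terms = []
    for token in record.lower().split()[1:]:
        m = _TERM_RE.fullmatch(token)
        if not m:
            continue  # unparsable token; a production checker would flag it
        terms.append((m.group(1) or "+", m.group(2), m.group(3) or ""))
    return terms


def check_spf(record: str) -> SpfReport:
    """Evaluate one SPF record string and return findings a practice's IT staff can act on."""
    if not record.lower().startswith("v=spf1"):
        return SpfReport(False, None, 0, ["record does not begin with v=spf1"])

    findings: List[str] = []
    lookups = 0
    all_qualifier = None
    terms = parse_terms(record)
    for qualifier, name, _arg in terms:
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "ptr":
            findings.append("ptr mechanism is deprecated (slow and unreliable)")
        if name == "all":
            all_qualifier = qualifier

    if lookups > MAX_LOOKUPS:
        findings.append(f"{lookups} DNS lookups exceed the RFC 7208 limit of {MAX_LOOKUPS}; "
                        "receivers will return permerror")
    has_redirect = any(name == "redirect" for _q, name, _a in terms)
    if all_qualifier is None and not has_redirect:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif all_qualifier in ("+", "?"):
        findings.append(f"'{all_qualifier}all' lets any host send as this domain; use -all or ~all")

    return SpfReport(not findings, all_qualifier, lookups, findings)


# Constructed sample records using RFC 2606 reserved names; not real domains.
SAMPLE_RECORDS = {
    "strict": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "permissive": "v=spf1 a mx include:_spf.example.net +all",
    "too_many_lookups": "v=spf1 " + " ".join(f"include:spf{i}.example.org" for i in range(11)) + " -all",
}

if __name__ == "__main__":
    for label, record in SAMPLE_RECORDS.items():
        report = check_spf(record)
        status = "OK" if report.ok else "REVIEW"
        print(f"[{status}] {label}: lookups={report.lookups} all={report.all_qualifier}")
        for finding in report.findings:
            print(f"    - {finding}")
```

Paste your own record into `check_spf()`; a clean result means the record parses, stays under the lookup limit and ends in `-all` or `~all`. The check is deliberately static, so it does not follow `include` chains; a record that passes here can still exceed the lookup limit once included records are expanded.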

Network administration/management

List any users who have local administrative permissions on their computers:  ___________________
  • Is user account control enabled on all workstations?
  • Are all users’ passwords set to expire automatically?
  • Are password length and complexity required?
  • Are accounts locked out after multiple unsuccessful login attempts?
  • Are screensavers engaged automatically after inactivity?
  • Is multifactor authentication used?
  • Is patching managed and monitored on all workstations and servers?
  • Are non-user account passwords stored in a secure location?
  • Are non-user accounts documented for use?
  • Do all accounts follow the principle of least privilege?

User instruction/policies and procedures

  • Do you have an acceptable use policy for organizational computers?
  • Are users given security awareness training?
  • Are users sent phishing messages to find out who needs additional training?
  • Are risk assessments conducted at least annually?
  • Has a remediation plan been produced?

Backup/disaster recovery

How often are backups taken? ___________________________

How long are backups retained? _________________________
  • Is there a written policy for disaster recovery/mitigation?
  • Are backups “air gapped” from potentially infected workstations?
  • Do backups go offsite automatically?
  • Do failed backups produce alerts?
  • Are backups tested periodically?

Advanced security measures

  • Do you have/utilize a security operations center (SOC) that monitors 24/7?
  • Do you utilize a security information and event management (SIEM) system?
  • Is host-based intrusion detection in place?
  • Is network-based intrusion detection in place?
  • Are servers monitored for ransomware-like activity?
  • Are monitors in place for administrative changes (e.g., domain admins)?
  • Are independent penetration tests performed periodically? 


To learn more about the methods used by cyberattackers and how to minimize the risk of their success, access the member-exclusive on-demand webinar, “Threat Potential: Steps to Stronger Cybersecurity.”

About the Author

MGMA Staff Members
