How can businesses proactively learn from Manage My Health?
When news breaks about a major data breach, like the recent Manage My Health incident, it’s tempting to think it wouldn’t happen to you. Realistically, every business regardless of size handles sensitive information, with devastating consequences if something goes wrong, from lost trust to financial pain.
So, what can small businesses learn from this? Let’s keep it practical and feasible.
Plan for the unpredictable; a stitch in time saves nine
When an event impacting business operations happens, panic is the enemy. That’s why you need a clear plan that can guide how you navigate the uncertain world of cyber threats.
But be aware that a plan sitting dormant in a folder isn’t enough. Dynamically test, run through scenarios and adjust as you uncover new risks, with the goal of confidence, not perfection. Security isn’t static, it’s an ongoing habit, and businesses that regularly practise are the ones that bounce back stronger when challenges come their way.
Here are some suggestions to start with:
Pick a recognised security standard and measure yourself against it.
Schedule quarterly tests to identify vulnerabilities.
Document a response plan and practise/communicate it with your team.
Our commitment: Gold Certification and beyond
At Houston, we don’t just talk about security; we invest in it. Last year, we achieved Gold level certification in the SMB1001 framework, a recognised standard for small and medium businesses. This isn’t just a check box exercise, but a deep dive into our systems and practices, to highlight areas needing improvement. We took those findings and made necessary changes, as part of the certification pathway.
Our journey didn’t end there; we also reviewed our broader business risks beyond technology, to consider operational and strategic vulnerabilities that we could mitigate. Lastly, we put our plans to the test, using our incident response ‘playbook’ as a guide when running recovery drills, to ensure we could bounce back quickly if something went wrong.
These exercises weren’t purely theoretical, which gave us valuable insights and led to further refinements. Having a security framework will give you a benchmark to measure against, but compliance should not go without aggressive testing.
Just like a fire drill, you don’t just assume the exits work: you practise getting out. Much like security controls, run tests, simulate attacks and challenge your systems, with the expectation of finding gaps or new avenues. That’s not failure, but a sign of progress, as a clean bill of health today won’t guarantee safety tomorrow.
IntelliMed's safeguards
Likewise, our flagship software IntelliMed is developed with security and data protection as fundamental design principles. The platform follows a secure-by-design approach, with appropriate controls applied to data access, system architecture and ongoing maintenance.
As part of responsible software delivery, security reviews and testing are conducted to identify and manage risks, in line with industry expectations for HISO. This ensures that healthcare organisations can have confidence that IntelliMed is built and operated with a strong focus on protecting sensitive information and maintaining system reliability.
Don't just tick the box
Don’t settle for a checked box; test, practise and improve. Because when the unexpected happens, preparation beats panic every time. Having a security standard in place is a great start, to give you a benchmark to measure against.
At Houston, we offer cybersecurity evaluations based on SMB1001 and the Essential Eight, with specialist audits tailored to industry standards, with practical suggestions to take away. This simple precaution is affordable, constructive and easy to implement with your existing IT infrastructure, just ask!
Stay safe
Our goal is simple: to give our customers confidence that their data is protected and that we’re ready to respond if the unexpected happens.
Wishing you and your team a safe start to your year, and we hope to hear from you soon.
The Houston Team