Fact: Nearly 100% of CHC websites don’t use a web application firewall

Reducible risk:  Few CHC websites are enhancing security

Out of the CHC websites surveyed



DO NOT use a web application firewall



DO use a web application firewall

3 Things to Know:

  1. WordPress is vulnerable. Some security providers say 70%+ of WordPress installations are vulnerable to hacking. Services such as Cloudflare, a web security company popular among hospitals and other health care organizations, can optimize performance and protect against SQL injections and other incursions. 
  2. HIPAA language is deliberately vague on site security. HIPAA requires that patient data is available only to authorized people. The rest is largely up to you, and there’s no formal validation process for meeting the HIPAA Security and HITECH standards for PHI. 
  3. Actions.
    1. Assess website security as part of overall data security. For inclusion: Risk assessment of cloud security, EHR applications, email, devices. Also internal/external threat detection, employee training, and emergency planning.
    2. Do some triage. Starting with relatively simple security solutions like Cloudflare can often answer immediate needs.
    3. Contact drinkcaffeine for a complimentary planning consultation. 

About the drinkcaffeine Health Center Website Study:

  • A sample of 237 Community Health Center websites nationally
  • Each one evaluated on 12 essential performance criteria
  • Confidence interval/Margin of Error: 5.8% with 95% confidence

When you’re ready to use data to solve healthcare communications problems, contact us.