How Are You Protecting Your Printing Devices From Security Breaches?

Why you may not be doing enough to guard your sensitive data, and how to level up your protection. 

We all recognize that in today’s business environment, even the smallest businesses rely heavily on information technology to handle daily operations such as printing documents and managing data. But not many small business owners recognize the necessity of using strong security measures and streamlining their print processes to protect their sensitive information. That information is extremely valuable — especially to the viability and success of your business, but also to criminals, who are making smaller businesses the targets of data breaches.

The good news is that there are easy and affordable ways to strengthen your IT environment, no matter how small your staff or budget. And by taking some simple steps to improve security measures and optimize your printing processes, you can also streamline your workflow to get more done each day. 

It’s likely just a matter of time before your organization is attacked

If you haven’t already experienced a data breach, count yourself lucky. What has become clear is that waiting until an incident occurs is no longer an option.

Over the last few years, the U.S. has seen a surge in cyber threats directly linked to printing and network-related security breaches, with an especially alarming increase beginning during the pandemic. Data breaches have since continued to increase among organizations large and small, with 2023 the worst year yet for data breaches. Healthcare and finance were the industries most affected.

Per The HIPAA Journal, cyberattacks are a regular occurrence at healthcare organizations and hospitals around the country. The Journal lists HIPAA breaches as they’re reported, affecting anywhere from thousands to at least 14 million people whose personal health information was at risk to being exposed.

Even worse, one breach can have global repercussions and significant downstream effects on SMBs. Between 800 and 1,500 businesses around the world were affected when Florida-based technology firm Kaseya, a company that provides software tools to IT outsourcing shops, was hacked. The 2021 attack paralyzed hundreds of businesses on five continents, many of whom were clients of Kaseya’s clients that perform back-office work for companies that don’t have the manpower or budgets for their own tech departments. Those affected ranged from dentists’ offices and accountants to larger entities such as schools and supermarkets.

Last August, a government contractor working with The Centers for Medicare & Medicaid Services (CMS) discovered “unusual activity” in a file-transfer application used by both commercial and government customers. That’s when the provider of the application admitted a vulnerability in the program that “had allowed an unauthorized party to gain access to files across many organizations in both the government and private sectors.” CMS was notified on June 2, and the breach resulted in putting the Social Security numbers, birth dates, driver’s license numbers, health insurance claims, medical history notes, prescription information and other personally identifiable information of 612,000 Medicare beneficiaries at risk.

Among the various types of cyberthreats involving digital devices, ransomware attacks have increasingly been on the rise the last few years. Just this past February, a major U.S. healthcare organization reportedly paid $22M to hackers to regain control of their networks. The attack affected hospitals, physicians and pharmacies, creating so much disruption in multiple administrative and billing processes that it forced medical practices to go without revenue for well over a week.

Security breaches, including ransomware attacks, are now just as likely to affect small businesses. While awareness has grown in recent years due to media coverage, 41% of small businesses became victims of a cyberattack in 2023 – a rise of 38% from 2022. In fact, according to a 2024 report, 46% of all cyber breaches affect businesses of less than 1,000 employees. Per Insurance Business Magazine, U.S. small businesses paid more than $16,000 in ransom from cyberattacks over the past 12 months. While phishing is still the most common method for these cyberattacks, at 53%, unpatched servers or virtual private networks (VPNs) (38%) and credentials theft (29%) were the next most vulnerable points of entry.

In each of these cases, there was more to lose than data or the money required to get back to business, including days of disruptions to operations and loss of customer trust. But there’s also the threat of legal costs due to breaking government-mandated compliance regulations and privacy laws, whether for customers, suppliers or patients of a healthcare organization.

Secure connectivity leads to better regulatory compliance and patient care for healthcare organizations

Sharing protected patient information securely and efficiently is particularly important in the post-acute and extended-care community, where technology adoption has been slower compared to hospitals and physician clinics. Data breaches and fines for noncompliance weigh more heavily on smaller organizations, although large healthcare networks and major hospitals are feeling the brunt and related expense of unsecured healthcare-enabled devices. In fact, studies show that approximately 80 percent of serious medical errors are due to miscommunication among caregivers, resulting in an annual cost of approximately $20 billion and exposing patients to preventable harm. In fact, approximately 400,000 hospitalized patients are the victims of preventable harm each year. In addition to being a leading cause of death in the United States, medical errors often result when patients move from one care setting to another, such as from the hospital to a skilled nursing facility or long-term care.

No matter the situation or care setting, correct information about patient care is essential to ensure the right care and the protection of valuable information about each patient. Not having access to correct and timely information sets organizations up for noncompliance, and even malpractice lawsuits. It also creates the burden of additional work when it comes to billing and administrative tasks, especially in the realm of healthcare insurance.

Critical healthcare regulations protect patients, providers and payers

In addition to the Health Insurance Portability and Accountability Act (HIPAA), the federal law that protects the privacy and security of patients’ health information, every healthcare practice must also comply with the Health Information Technology for Economic and Clinical Health (HITECH) Act, which promotes the meaningful use of health information technology and provides financial incentives to healthcare providers and organizations that implement and use certified electronic health records (EHRs) and other health IT systems. In addition to improving the quality and efficiency of care delivery, HITECH also strengthened HIPAA’s privacy and security rules by requiring healthcare organizations to report data breaches to the Department of Health and Human Services (HHS) and to affected patients. Organizations that work within healthcare that don’t comply with these regulations are at risk for costly fines and penalties and potential lawsuits.

Every healthcare organization relies on digital technology to capture, store and transmit patient information across the care continuum. Secure and seamless interoperability not only improves patient care, but also reduces the workload for organizations that are already short on staff.

Staying proactive is the key to security and meeting legal compliance

You can do a lot to boost your security and increase your overall productivity without adding complexity or major expense. Let’s specifically take a look at printers and steps to mitigate risk:

  • Keep each printer’s operating system and software patches up to date – simple, but surprisingly, many small businesses neglect to do this. Updates will add security to your printer and sometimes can even fix security breaches.
  • Change user PINs and passwords regularly, generally quarterly. When a password is the same for an extended period — and especially if it’s the same for all your devices — the chance of a security breach is higher.
  • Avoid using passwords that feature personal information, such as a phone number, address, Social Security number or other key identifiers for your business. This would seem obvious, but studies have shown that people use common passwords (12345, 4321, etc.) and even the word “password” or their own name.
  • Turn on two-factor, aka multifactor, authentication. There are some applications, including Okta and Duo, that require users to authenticate their identity on multiple devices for access. So if a printer requires a personal PIN, you could enter the PIN and use a two-factor authentication app to access your phone or computer.
  • Turn off any network services or protocols that aren’t being used. Don’t give bad actors more ways to hack your printer or computer.
  • You can restrict your print device on the network by only allowing certain devices or networks to connect to the printer or MFP. This is better known as IP Filtering or Access Control Lists (ACL). By enabling IP filtering, you are telling the device to only accept connections from specific and known IP addresses or networks. You can filter devices on a single IP address or restrict access to a group of devices using a subnet mask that only allows specific networks to access to the device.
  • Train your employees on best practices for secure printing as well as how to spot a potential attack on their computer or smartphone. Human error is often the weakest link in an organization’s security, so training on what to look for is one of the best ways to halt an attack, because it only takes one click on a malicious link to create a disaster at work. Include this training for every new employee and make sure printer security measures are featured in your security policies and employee handbook.
  • Stay on guard for multiple points of potential attacks, or what security people refer to as “attack vectors.” Because office printers are usually set up for convenience and accessibility within your office, it’s best to prevent outside access. These days printers may be accessed from outside your network so that employees can print remotely. Vendors and suppliers may also become attack vectors, putting your business’s sensitive information available from one easy target when maintenance or supplies such as toner are delivered.

For healthcare organizations, implementing secure printing solutions can be the best option

This not only better safeguards the safety of sensitive data, but it also saves steps, reduces your costs and boosts overall productivity. With advanced, built-in features, your employees can print effortlessly without worrying about their documents falling into the wrong hands.

From customizable settings to seamless integration with cloud applications, secure printing solutions let you optimize your business processes and automatically enhance security for your workplace. And as you grow, seamless printing and cloud-based solutions let you scale your operations more easily and affordably and increase output while you maintain quality and control costs.

Alleviating the burden of IT management through smart printing devices and third-party services allows you to customize and integrate exactly what you need for the specific ways your business works. With intelligent tools, you can easily group apps together for convenience, making it easier to locate and print specific documents without wasting valuable time searching through folders or scrolling through endless lists of files. And with instant support available, such as those with a printing system that offers remote maintenance capabilities, you can quickly troubleshoot any issues that arise and receive instant support without waiting for onsite service visits. This minimizes downtime and maximizes the availability of your systems, allowing you and your staff to focus on running your business.  

Chris Bilello is Vice President, Business Solutions Development, Konica Minolta.