How to Protect Your Medical Practice from a Cyberattack
There was a time when financial institutions and businesses faced the constant threat of having their cash registers and banks cleaned out by criminals. As security systems evolved, so have criminals; where the prize was once money in the drawer, now it’s data in the servers. Medical practices face the prospect of this new threat that will grow and change naturally with the technology available to society: cyberattacks. It’s essential to take preventative measures to protect patient privacy, sensitive information, finances and more. Read on to learn how to protect your medical practice from a cyberattack.
Why Medical Practices?
Despite their lack of coverage in the media, medical practices are successfully attacked every year. A recent survey of 1,300 physicians found that 83% had experienced some sort of cyberattack. Why are they being targeted? Doctors’ offices and hospitals are attractive targets because the information they store is extremely sensitive, which gives hackers an advantage in leveraging payment. A medical practice experiencing this type of attack will undoubtedly be faced with an interruption of services.
An interruption of services due to an attack can cost a practice thousands of dollars, as well as hindering the trust of your future and current patients. Advancements in cyber security and initiatives by the Health Care Industry Cybersecurity Task Force have proven effective at deterring attacks, but arguably the most important aspect of cyber security is what goes on inside your practice.
Take Control of Data
Addresses and insurance information alone present a tempting opportunity for cyber criminals. Keeping this information safe should be your first step in securing your practice, and you can do so by educating your employees on what cyber security looks like in their day-to-day work. Emphasize the importance of logging out of systems every time employees leave their computers, and make sure everyone’s login information is unique. Attention should also be placed on access restriction, with only authorized members of your staff given access to the most sensitive information. Employees that have been let go, or have resigned, should immediately be stripped of all access authorization to prevent retaliation or outside breaches.
In addition to removing permissions from ex-employees, it’s imperative that you change your passwords afterwards. Choosing a new password doesn’t mean adding one more character to your current one or reverting to passwords in the past. Passwords should be unique to each system, device, and employee; cutting corners only leads to more problems in the future. Software also presents an opportunity to cut corners; whenever you’re notified of a new update for your software, notify your IT team, and then wait for their assessment of the patches, updates, and possible risks to your systems.
Plan for the Worst
If you have not moved all or the bulk of your data into cloud storage, then your practice is playing a dangerous game. Not only does a cloud keep information off vulnerable in-house servers, but also gives your practice a safety net in the event your data is held ransom. Risk assessments should be performed regularly, and your staff should be informed of each new security threat or process. The rate of recovery after a cyberattack depends on the measures your practice has taken ahead of time. Communication among security personnel and unaffected data in a cloud are your practice’s best bet at bouncing back from an attack.