Why Does Cybersecurity Matter?
So why should medical practices be worried about cyberattacks? Patient Data! Healthcare organizations are prime targets of cyber attackers because of the importance and value of patient data. Even a small practice with several physicians will have accumulated tens of thousands of patient records over several years of operation. These records include essentially everything about each person: name, address, phone number, email, social security number, insurance information, and personal details of their health conditions. Small practices are just as likely to be attacked. Although the attacker will probably not be state-sponsored, it will be an individual in a third world country. All an attacker needs to disrupt your practice is a laptop and an internet connection, which essentially allows them to be anywhere in the world. These individual attackers are looking to make just a few thousand dollars, but the damage they cause a practice can easily cost several hundred thousand dollars, not to mention your company's reputation with your patients and the community.
Cyberattacks on healthcare more than doubled in 2020, with ransomware accounting for 28 percent of all attacks. COVID-19 response efforts, including personal protective equipment and the vaccine supply chain, were the largest focus of these targeted campaigns, according to the latest IBM X-Force report.
What Do Physicians Need to Know?
Most physicians' knowledge of computer security is limited to the anti-virus program that runs on their computer. While this is a component, managing cybersecurity is a very complex topic which encompasses networked computers, cloud-based applications, passwords, staff, training, and establishing processes. A cybersecurity attack can result in everything from identity theft, to extortion attempts, to the loss of important data like patient records, company financial records or reputation.
Imagine your computer network is hit with a denial of service (DoS) attack. You've lost your internet connections, your email, maybe your phone system, fax, and your EHR. Normal operations grind to a halt for your practice. The attacker demands $100,000 to return your network service. What do you do? This example is a realistic scenario that can easily happen to your practice.
How do I start managing cybersecurity threats for my practice?
While deciding where to start to address cybersecurity threats can be daunting, there are core questions that every physician or practice manager should ask which will lead to the development of a plan for managing cybersecurity.
What cybersecurity software should I use?
This is more than just simple anti-virus software running on each computer. It needs to be a network solution which encompasses antivirus, anti-malware, firewalls, email security, and intrusion prevention systems (IPS). While there are companies that offer do-it-yourself solutions (e.g. Avast, Trend Micro, and Symantec), it is better to have an IT professional install and manage network security applications due to their complexity and constant change.
Do I need a plan for computer passwords?
Absolutely and Emphatically YES! Passwords are the first line of defense for protecting digital information in your practice. The dangers caused by using simple passwords are very real for a practice. Hackers can and will find ways to install malware and steal patient or financial information. You must have a password policy to ensure consistent and strong passwords for everyone in your practice.
Should I back up the data for my practice?
There are a lot of ways that data can be lost in a physician practice: natural disasters, power outages, or employee turnover. Ransomware is continually in the news, with new strains entering businesses in clever new ways to encrypt files and demand ransom for them, or to launch a Denial of Service (DoS) attack which totally shuts your network down. Making regular and effective data backups is core to your cybersecurity plan. The time and cost to implement data backups are minimal compared to the weeks and months needed to recover from a serious loss.
Answering these questions will lay the foundation for a cybersecurity plan for your physician practice. The next steps will be to implement a detailed cybersecurity plan, checklist, and training for everyone in the practice.