Cybersecurity: A Must for Your Practice
Imagine you’re in the middle of adjusting your patient. You look over at your computer screen to access the patient’s chart, and you’re greeted with a demand for payment before you can regain access. It says you either pay the ransom immediately or your entire computer network will be locked down to the point of being unusable.
Don’t laugh this scenario off as some sci-fi nonsense. Ransomware attacks crippled healthcare providers around the world in the infamous 2017 WannaCry cyberattack. An estimated 300,000 computers were infected in 150 countries, shutting down computer systems and phones. Healthcare providers resorted to using pen and paper and were forced to postpone procedures, in many cases urging patients to seek medical care only in an emergency. For a healthcare business to remain compliant with the guidelines and requirements set forth by the Health Insurance Portability and Accountability Act (HIPAA), it must safeguard its patients’ personal information.
The Plague of Ransomware
This kind of attack is a growing threat in the healthcare industry worldwide, for practices large and small. In fact, hackers might prefer to set their sights on smaller practices, according to Bruce Snell, a cybersecurity expert for Tokyo-based NTT Security. “They may see a smaller organization as a more tempting target,” he says. “The thought process is that a smaller practice may not have good backups or a security plan or tools in place, so it might be worth [the hacker’s] time to spend 8 hours putting together a phishing attack that might get $15,000-$30,000 out of them through ransomware.”
Many cybersecurity experts warn that it’s not a matter of IF a healthcare practice will get attacked, but WHEN. And ransomware attacks are by far the biggest threat. Hackers consider medical practitioners to be ripe targets because they depend on having immediate access to patients’ medical information. For that reason, some victims will pay the ransom, thus encouraging more attacks on other providers.
How To Defend Your Practice Against Cyberattacks
Although a sophisticated system of cybersecurity might be beyond the budgets of small chiropractic practices, in many cases that’s not what they need. Some simple steps are often enough to send hackers looking for an easier target that hasn’t done the work to protect itself. Here are a few things every practice should do to play better defense.
- Learn from the Experts. Pay a visit to the National Coordinator for Health IT, which compiles advice and resources for healthcare professionals concerned with cybersecurity.
- Educate Your Entire Staff. No cybersecurity system will work if you have employees opening phishing emails or downloading Trojan horses. In fact, a recent study found that more than 90% of cyberattacks originated from human errors or behavior. Educate everyone on your team to spot scams and be wary of any email they open or any website they visit.
- Secure Your Email System. Cyberattacks often originate from breaches of email security. Take steps to make sure your system is secure.
- Use Better Passwords. Hackers employ a variety of techniques to guess passwords. Best practices for developing secure passwords include using a different password on every computer or device, not using whole words in passwords, changing passwords regularly, and not using your personal passwords in your business. In many cases, using password-saving software like LastPass or Dashlane can make all this easier.
- Use Cloud-based Services. Using cloud-based systems for storing records and other important info can boost security because those platforms are likely to have strong security systems in place. Security professionals argue that any business without a system of automatic file backups is nothing short of irresponsible.
With all the rules and regulations around healthcare today, it can be difficult to see just where your risks may lie. A reliable compliance consultant can perform a Gap Analysis to see where you may be deficient. If your practice is that juicy, low-hanging fruit for hackers, make it a priority to step up your defenses. Doing so could prevent some painful surprises for you, your patients, and your business.