Protecting Your Medical Practice from Cyberattacks
Jennifer Moreno | October 4, 2019
According to a recent American Medical Association (AMA) survey, 83 percent of medical practices have suffered a cyberattack, putting sensitive patient data and their practice’s reputation at risk. In fact, cyberattacks targeting health care technology systems have more than doubled in the last five years.
With so many physicians targeted, you need to make sure your practice has an up-to-date, strong cybersecurity system in place.
Good cybersecurity typically starts with ensuring office computers are kept safe from malware and malicious code. Make sure all accounts are password-protected and that employees use strong passwords and don’t share their login information.
Also verify that any software running on each terminal is up-to-date, particularly anti-virus software. Vendors often alert users about new updates or “patches” that address a vulnerability in the program. Ideally, your anti-virus software program will automatically check for updates.
Don’t forget other devices
The growing use of online connectivity has made it easier than ever to connect with patients and provide them with information, even away from the office. But mobile devices are another exposure point that cyber criminals can exploit.
Along with traditional computers and mobile devices, verify that other electronic devices used by the practice to communicate or handle and store data are properly encrypted. This can include printers and fax machines. Most people don’t realize that these ancillary devices also store data and that data needs to be secure.
Keep Your Wi-Fi Private
Modern technology has also made wireless internet access ubiquitous among all types of businesses. Make sure that your practice’s Wi-Fi network is private and properly secured. Either use the built-in firewall with the office’s wireless routers or install a separate firewall hardware device.
If your practice chooses to make Wi-Fi connectivity available to patients, create a separate, public network so that unauthorized users can’t get access to the practice’s main network.
Hire an expert
While you probably conduct reviews of how patient data is handled to ensure HIPPA compliance, cybersecurity reviews should include experienced information technology professionals. Review your practice’s cybersecurity measures on a regular basis and provide employees with information on cybersecurity rules that they need to follow. Being proactive can help identify vulnerabilities before a cyberattack occurs.
Also keep abreast of new developments on physician cybersecurity best practices. The AMA and Department of Health and Human Services both offer resources on how physicians can protect patient data and stay in compliance with the laws and regulations concerning patient privacy.
Questions about cybersecurity within your medical practice? Please contact Jennifer Moreno in REDW’s Cybersecurity Department at 505.998.3239.