Protecting Patient Data: Steps to Prevent Hacking
Physicians at small practices may assume that they are not a target, resulting in lax security practices.
HealthDay News — Steps should be taken to protect medical practices, including small practices, from hackers, according to a report published in Medical Economics.
The authors note that physicians at small practices assume they are not attractive to hackers and consequently have lax security, making them candidates for an easy hack.
According to the report, physicians should be aware that small practices are still a target, with attractive data sets that can be monetized on the internet black market, especially as larger organizations improve security. The phishing attack is the most common way of gaining unauthorized entry, via a legitimate-looking e-mail with an attachment that gives the hacker access; phishing attacks can also occur via text or phone calls. Employee training and prioritizing security are the first specific strategies to stop hackers. In addition, all operating systems on all devices should be regularly patched; care should be taken when using social media; anti-virus software should be used; and attention should be paid to open Wi-Fi networks in the office, such as in the waiting room. Levels of administrative access should be limited, and all data must be backed up.
"Security has to be ingrained as part of the culture of the practice," John Riggi, from BDO's Center for Healthcare Excellence & Innovation and a former chief of the FBI's Cyber Division Outreach Section, said in the article. "The threat is not going away and can never be eliminated – only mitigated."
Pratt MK. Interconnectivity, more devices heighten security risk to EHRs. Medical Economics. Published February 16, 2017. Accessed March 1, 2017.