Your Money or Your Life? Don't Let Either Get Hijacked.
As of April this year, 30 U.S. hospitals and health systems had experienced data breaches, exposing 2 million patients' personally identifiable information (PII) to theft and misuse, according to Security Boulevard. The average ransom demand to recover hijacked data these days? $4.6 million.
Medical practices, regardless of size, are easy targets for hackers because they typically lack the security expertise, resources or technology required to protect against today's sophisticated criminals. The truth is every practice needs a cybersecurity plan.
I would like to suggest steps to protect your patients, protected health information and your practice.
Bottom line: Don't fall for feeling safe because you're small. Patient safety and HIPAA compliance are at stake. As HIPAA audits start to pick back up, revive your knowledge of how to keep your security healthy.
- Teach your staff to be sentinels. Human error is the main cause of many data breaches. Provide cybersecurity awareness training for your team. Enforce timely installation of software updates. Use two-factor authentication and complex passwords, and change those passwords regularly.
- Don't let the big one bite. The AMA says, "Four out of five physicians have been the victim of cyberattacks," the most common of which is phishing. In a phishing attack, scammers bait people into opening emails that either install dangerous code on the office computer or ask them to hand over sensitive information such as passwords. Three billion fake emails are sent daily – that's off the hook!
- Watch your website. Use a website scanner to monitor for suspicious activity, patch any openings into your network and remove any damaging code it detects. Also, set up a firewall to block cyberattacks and keep unwanted traffic off your website.
- Ready your response plan. Because it's a question of when rather than if, it pays to work with a technical advisor, a marketer and your staff to develop a crisis response plan. Prepare your people so that copy and communications are in place to notify patients, the hospital and your insurance company.