How to Safeguard Your Practice From Cybersecurity Threats
Cyberattacks are all too common these days. What can you do to protect your patient and practice data?
Health care continues to be the most targeted sector for cyberattacks due to the availability of valuable patient information, the financial soundness and resource capacity of the industry, and network vulnerability (see resources at the end of this article). Between 2009 and 2020, 3,139 data breaches were reported to the U.S. Department of Health and Human Services, with the volume trending upward each year. Of the multiple cybersecurity threats associated with health care, ransomware attacks and employee-related breaches are the most common confronting physician practices. According to the AMA, physicians are most concerned about threats resulting in the theft of their patients’ health, personal, and financial information.
In addition to the financial implications that may arise from the increase of health care–related cyberthreats, health care providers are also exposed to potential litigation associated with breaches of confidentiality. The alarming frequency and severity of these attacks speak to the urgency of implementing more robust cybersecurity practices within the industry. In fact, the health care and public health industry is forecasted to spend $18 billion on cybersecurity in 2021 alone.
Health care professionals handle patients’ health, personal, and financial information daily. With the detrimental effects of cybercrime extending beyond the walls of confidentiality and associated liability, cybersecurity must be a priority.
The following are some risk management considerations to help enhance your practice’s cybersecurity protection:
Implement Cyberattack Safeguards
•
Internet connection
◦
Install and/or enable all firewall settings available in the operating system you utilize to create a barrier between the internal network and the internet.
◦
Protect internet routers with strong passwords designed to prevent unauthorized access, potential control of the device, and the recording of internet communications.
◦
Apply network segmentation to segregate network traffic (example: separate networks for online communications and record keeping of confidential information).
◦
Use a virtual private network (VPN) for remote access of information.
◦
Use routers to facilitate separation of the patient’s Wi-Fi network from the practice network.
◦
Default computer settings to automatically download patches and system updates.
◦
Use platforms for telemedicine that comply with the Health Insurance Portability and Accountability Act.
◦
Destroy all data stored in the hard drives of leased equipment before returning it to the vendor.
•
Backup practice data regularly to avoid paying a ransom fee in the event of a cyberattack.
Establish Policies and Procedures for Workplace Cybersecurity
•
Require strong passwords (using a combination of different letters, numbers, and special characters).
•
Change passwords at least quarterly.
•
Encrypt all mobile devices, including email.
•
Use multifactor authentication to verify user’s login identity.
•
Incorporate cybersecurity training, such as identifying phishing attacks, as part of your practice orientation and ongoing competency.
•
Restrict employees’ ability to install software applications on devices belonging to the practice.
•
Develop and test a cyber-incident response plan.
Cybersecurity threats are here to stay, but simple measures can help protect your practice and reduce your risk. ■
This information is provided as a risk management resource for Allied World policyholders and should not be construed as legal or clinical advice. This material may not be reproduced or distributed without the express, written permission of Allied World Assurance Company Holdings Ltd, a Fairfax company (“Allied World”). Risk management services are provided by or arranged through AWAC Services Company, a member company of Allied World. © 2021 Allied World Assurance Company Holdings, Ltd. All Rights Reserved.
“The Next Year of Healthcare Cybersecurity” is posted here.
“Top Two Cybersecurity Threats Facing Physician Practices” is posted here.
“Physician Cybersecurity” by the AMA is posted here.
Biographies
Gloria Umali, R.N., M.S., C.P.H.R.M., is assistant vice president of the Risk Management Group of AWAC Services Company, a member company of Allied World. Risk management services are provided as an exclusive benefit to insureds of the APA-endorsed American Professional Agency Inc. liability insurance program.
Information & Authors
Information
Published In
Psychiatric News
History
Published online: 30 November 2021
Published in print: December 1, 2021 – December 31, 2021
Keywords
Authors
Metrics & Citations
Metrics
Citations
Export Citations
If you have the appropriate software installed, you can download article citation data to the citation manager of your choice. Simply select your manager software from the list below and click Download.
For more information or tips please see 'Downloading to a citation manager' in the Help menu.
There are no citations for this item
View Options
View options
Get Access
Login options
Already a subscriber? Access your subscription through your login credentials or your institution for full access to this article.
Personal login Institutional Login Open Athens loginNot a subscriber?
PsychiatryOnline subscription options offer access to the DSM-5-TR® library, books, journals, CME, and patient resources. This all-in-one virtual library provides psychiatrists and mental health professionals with key resources for diagnosis, treatment, research, and professional development.
Need more help? PsychiatryOnline Customer Service may be reached by emailing [email protected] or by calling 800-368-5777 (in the U.S.) or 703-907-7322 (outside the U.S.).