Cyber Security
Protect your Practice and your Patients
In today’s connected world, you should assume that the Russians are reading every email you send and take steps to defend against cyber threats to you and your patients’ information. This involves not only ensuring that your IT team has set things up securely, but also that you and your staff follow security protocols. The weak link in most cyber security crimes is simply the human who unwittingly hands over valuable information to the criminals. Here are some basic steps to review with your staff to ensure your data is held securely:
Protect patient and practice financial information online
Use security software for computers and mobile phones – and keep it updated.
Make sure anti-virus software for computers has a feature to stop malware, and that there is a firewall enabled that can prevent intrusions.
Use strong and unique passwords for all accounts - not just your dog’s name for every website.
Use multi-factor authentication whenever possible. It is an annoying but important step.
Avoid using unsecured and public Wi-Fi in places like coffee shops, malls or restaurants.
Ensure that staff are not using office computers to check personal email or social media sites.
Review practice security protocols
Deploy the "Security Six" measures
Activate anti-virus software on every computer
Use a firewall on the practice server
Opt for two-factor authentication when available
Use backup software/services
Use drive encryption
Create and secure Virtual Private Networks
Create a data security plan for patient data
Educate yourself and staff on phishing scams
Keep up to date on the latest phishing scams. Remember that scammers will use fear and FOMO to motivate you to act.
Beware of ransomware - simply clicking on an infected email can let it into your system.
Recognize the signs of patient data theft
Patients being billed for services that they did not receive
Debt collectors harassing a patient for medical debt they do not owe
Patients’ personal information and credit cards being used for fraudulent charges
Remember that having a plan is only step one in preventing a cyber breach in your practice. The real prevention comes down to you and your staff following those protocols.
Take some adapted advice from Smokey Bear: “ONLY YOU CAN PREVENT CYBER CRIME.”