When it comes to identifying a practice’s top cybersecurity threat, look beyond the hackers and email scammers. Instead, physicians and practice administrators need only glance around the office.
Further reading: Cybersecurity finally becoming healthcare priority
Cyber criminals’ success depends on tricking busy, distracted workers into clicking on links or attachments that will enable them to download ransomware onto the user’s device, where it can infect the network and lock up all data until a ransom is paid.
“Cyber criminals think that if they can attack your system long enough to cause you to panic, they can get you to pay almost anything to get your system back,” says Cathy Bryant, manager of product development and consulting services at Austin-based Texas Medical Liability Trust (TMLT), which offers cyber liability coverage to physicians and is the state’s largest medical malpractice carrier.
Healthcare organizations must develop and foster a culture of cybersecurity to protect against outside threats. This means making health data security a business priority. Here are some ways to create this culture among the staff:
Appoint an employee or outsourced firm to oversee information security.
Conduct a comprehensive risk analysis. Identify every place where the practice stores protected health information, financial data and other sensitive information and determine how the data may be vulnerable to an attack or breach, says Daniel Klein, JD, a Dallas attorney who specializes in data security and HIPAA compliance at Kane Russell Coleman Logan PC.
Hot topic: How will health IT trends evolve in 2017?
Craft a risk management plan. It should address how the practice will mitigate the risks that were uncovered during the risk analysis, Klein says.