Health care data breaches were up sharply in 2022. Here's how to keep your practice safe from attacks.
As the cybersecurity landscape rapidly changes, independent practices have become a prime target for malicious activities.
Recent data from the U.S. government paints an alarming picture: health care breaches spiked significantly in 2022, nearly doubling compared to 2021 figures.
Independent practices are particularly vulnerable because they have fewer resources and are often less equipped to handle breaches. Cybersecurity requires a holistic approach at both the individual and the organizational level. Fortunately, cybersecurity doesn’t have to be complex: medical practice owners can take simple steps today to protect patient data.
1. Keep your software updated
Keeping your software up to date is critical and one of the most important steps you can take.
The good news is that it is simple. Health IT companies regularly release updates to fix identified vulnerabilities in their products. Regular patches are a sign that your software has a secure development lifecycle: the product is reviewed for known weaknesses and development vulnerabilities so they can be fixed before they become problems.
Regularly updating your applications helps ensure you don't miss out on these essential fixes. When updates become available, you will be notified by your software provider and either prompted to download the update, or it will do so automatically.
As a best practice, I recommend setting updates to install automatically so that you are always using the most secure version of your product.
2. Use a password manager and enable multi-factor authentication
Humans are often the weakest link in data security, and the most common failing is using the same password across multiple accounts and platforms. While reusing a password spares you from remembering a different one for each account, it increases the risk of credential stuffing: hackers take login credentials stolen from one website and try them on other sites until they find a match.
Every account should have its own long, unique, and random password. The simplest approach is to use an encrypted password manager such as LastPass to generate a complex password for each account and store it for you. Password managers are protected by a master password, so your stored credentials remain protected no matter who accesses your device.
Multi-factor authentication takes security one step further. By requiring users to provide another piece of proof before they can access data or a system, you add a layer of protection. This proof can include something the user knows (e.g., a security question, PIN, or knowledge-based authentication), something they have (e.g., a key fob or mobile device), or something unique to them (like a fingerprint, face scan, or retinal scan).
3. Use plus addressing for email
Because email is the predominant communication channel within a business, email compromise is one of the most financially damaging online crimes.
In addition, scam emails often look like they come from legitimate sources, making them a challenge to detect, especially when you have multiple team members with varying technical abilities.
Common hacker tricks include sending a link and pressing the recipient to click it, or demanding that the recipient act immediately by projecting a sense of urgency. Although you can take steps like contacting the sender directly or hovering over a link to preview its destination, “plus addressing” is more secure and reliable.
Plus addressing is an email practice that lets you create receive-only variants of your address by appending a plus sign and a label of your choosing before the @, for example yourname+vendorname@yourdomain.com; mail sent to a variant still lands in your account. Its purpose is to verify the legitimacy of an email from a patient, partner, vendor, or external account: if a vendor was given a variant that only they know, a message claiming to come from that vendor but sent to any other address is suspect. Plus addressing provides two benefits: it protects against phishing scams and helps filter out junk mail faster by creating multiple inboxes within one account.
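As an added example (not code from the article or from Tebra), the check below turns the plus-addressing idea into a mail-filtering rule: each label the practice handed out is recorded with the sender domain it was reserved for, and an incoming message is routed by whether its label and sender agree. The mailbox, labels, domains and the four sample messages are all constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr

# Constructed mailbox and label registry: which sender domain each label was given to.
OUR_MAILBOX = "frontdesk@examplepractice.test"
LABEL_REGISTRY = {
    "lab-billing": "lab.example",        # label shared only with the lab vendor
    "ehr-support": "ehrvendor.example",  # label shared only with the EHR vendor
}


def split_plus_address(addr: str):
    """Return (user, label, domain) for user+label@domain; label is '' if absent."""
    local, _, domain = addr.strip().lower().partition("@")
    user, _, label = local.partition("+")
    return user, label, domain


def classify(raw_message: bytes):
    """Route a message by the plus-address label it was sent to.

    Returns (action, reason). Actions: inbox, folder:<label>, junk, quarantine, reject.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    _, to_addr = parseaddr(str(msg.get("To", "")))
    _, from_addr = parseaddr(str(msg.get("From", "")))
    user, label, domain = split_plus_address(to_addr)
    base_user, _, base_domain = split_plus_address(OUR_MAILBOX)

    if (user, domain) != (base_user, base_domain):
        return ("reject", "not addressed to our mailbox")
    if label == "":
        return ("inbox", "plain address; apply the usual caution")
    expected_domain = LABEL_REGISTRY.get(label)
    if expected_domain is None:
        return ("junk", f"unknown label '{label}'; address was leaked or guessed")
    _, _, sender_domain = split_plus_address(from_addr)
    if sender_domain != expected_domain:
        return ("quarantine",
                f"label '{label}' was given to {expected_domain}, sender is {sender_domain}")
    return (f"folder:{label}", "sender matches the label we gave them")


# Constructed sample messages.
LEGIT_MESSAGE = b"""From: Lab Billing <billing@lab.example>
To: frontdesk+lab-billing@examplepractice.test
Subject: Invoice for March

Attached is this month's invoice.
"""

SPOOFED_MESSAGE = b"""From: Lab Billing <billing@lab.example.attacker.test>
To: frontdesk+lab-billing@examplepractice.test
Subject: URGENT: invoice overdue, pay today

Click here immediately to avoid service interruption.
"""

GUESSED_MESSAGE = b"""From: Offers <promo@bulkmail.test>
To: frontdesk+newsletter@examplepractice.test
Subject: Special offer

Limited time only.
"""

PLAIN_MESSAGE = b"""From: A Patient <patient@mail.test>
To: frontdesk@examplepractice.test
Subject: Appointment question

Can I move my appointment to Friday?
"""

if __name__ == "__main__":
    for name, raw in [("legit", LEGIT_MESSAGE), ("spoofed", SPOOFED_MESSAGE),
                      ("guessed", GUESSED_MESSAGE), ("plain", PLAIN_MESSAGE)]:
        print(name, "->", classify(raw))
```

The label check is a lightweight signal, not proof: the From header can be forged, so a message whose label and sender both look right still benefits from the provider's SPF, DKIM and DMARC results. What the label reliably tells you is the reverse case, that a message reaching a label you never gave to that sender did not come through the channel you set up.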
As medical technology advances and the internet of things becomes a more significant part of our lives, medical practice owners must adapt their security efforts to contend with increasing cyber threats.
Cybersecurity requires constant vigilance and a proactive approach from everyone within your practice. It is important that everyone in your organization stays alert and actively safeguards data from potential malicious activity.
Kyle Ryan is the chief technology officer at Tebra, a cloud-based health care technology platform.