• MJHLS Brand Logo

© 2020 MJH Life Sciences and Medical Economics. All rights reserved.

The five biggest cybersecurity threats to a medical practice

February 11, 2020
Todd Shryock , Logan Lutton

From phishing to malware, these are the security risks you need to guard against.

Hackers have advanced well beyond scams involving a Nigerian prince. Now, they are more likely to be part of professional criminal organizations with substantial resources.

Consequently, medical practices face more cyber risks than ever before. Here are the five biggest cybersecurity threats to guard against.

Phishing attacks

  • When a hacker sends an email pretending to be from a trusted entity, such as a bank or insurance company. These emails often request credit card information or login credentials.

  • The emails may look legitimate, and may request users click on a link that might look like a security update or company website, but will actually download malware onto their computer.

Spear phishing attacks

  • A much more targeted version of phishing, with hackers using social media to gain information about the target.  

Example: Hackers might discover that a medical practice is doing business with a certain supplier and research the names of accounts payable personnel from that company. They then create emails that appear to be coming from specific people from the company and may reference specific projects to add legitimacy. These emails usually request payments, login information or for the user to click on a link that will compromise their computer.

Poor password management

  • Using the same password for all devices makes it easy for hackers to compromise multiple systems.

  • The situation is even worse if physicians use the same password for their home devices. A hacker might be able to steal a password for something off a home computer, then use that same password to access the practice’s bank accounts or network.

Ransomware/Malware

  • Ransomware, which locks access to a user’s data until they pay a ransom, is one of the most common attacks in healthcare. In many cases, entire hospital systems have lost their data to hackers, who demand large sums of money to release them.

  • These attacks often start as a phishing attack that contains the link to install the ransomware.  Ransomware can devastate a medical practice that doesn’t have an adequate backup, and paying the ransom doesn’t always guarantee the files get unlocked.

Connected devices

  • More devices are coming with internet connections that add enhanced functions, but also open up new vulnerabilities.

  • Often, devices come either with no passwords or easily accessible default passwords that hackers can exploit.

  • Because the devices are on the network, they can be a gateway to more sensitive information.

  • Older medical equipment can also pose a risk, because they may store patient data and usually don’t have sophisticated protection to keep hackers at bay. 

How to defend your practice

Experts say practices must be vigilant in guarding against hackers, and understand that it’s not a matter of if, it’s a matter of when an attack happens. So physicians should:

  • Educate employees on phishing attacks.

  • Use different passwords for each device.

  • Keep operating systems updated.

  • Ask IT advisors to check for vulnerabilities of any connected devices.
PreviousNext