Not If, But When, You’re Hacked


Cyber security has become as important as washing your hands. Passing on a virus in either situation can have catastrophic consequences.

At a recent Health IT conference, a few hospital chief information security officers talked about the present state of HIT cybersecurity and offered some observations.

Here are the headlines:

1. You will be hacked. It is just a question of when and how you mitigate the damage.

2. Firewalls don't work.

3. HIT is 10 years behind other industries, like financial services, but hopefully we can learn from the mistakes others made so it won't take 10 years to catch up.

4. You need a security operations center.

5. Most chief information security officers (CISOs) don't have specialized training in cybersecurity and there need to be higher standards.

6. Having a state-of-the-art cybersecurity capability requires money, leadership support and the right processes.

7. Big medicine cybersecurity solutions are not applicable to small medical practices. However, most small practices can protect themselves with basic interventions and outsourcing.

8. Behavior analytics can help detect chronic offenders.

9. HIT cyberattacks often go unnoticed for many months. By that time, a lot of damage has been done.

10. Don't negotiate with cybercriminals.

11. You need an in-house team to respond to incidents but you can outsource monitoring.

12. HIT is being hit because that's where the money is and the pickings are easier since financial services got better at stopping hackers.

13. You need a crisis management plan in the event of a cyberattack.

14. We are not training enough people in HIT cybersecurity.

15. Independent practices affiliated with large hospital systems represent a challenge, particularly when using different systems.

16. As the Internet of Things gets bigger and interoperability becomes more of a reality, there is more to attack.

17. “Share but protect” is becoming harder.

18. Most cyberattacks happen because doctors and other staff members open phishing mail with viruses, malware, and ransomware. They need continuous monitoring and education.

19. Cybersecurity has moved from the basement to the boardroom.

20. Most security information officers get paid to say “no.”

Whether you are a small, independent practitioner, independent but affiliated with a large system, or an employed physician in a large system, cyber security has become as important as washing your hands. Passing on a virus in either situation can have catastrophic consequences.
