The most common cybersecurity mistakes doctors make


The risks of poor cybersecurity hygiene have never been greater. Here’s how physicians can improve theirs.

Healthcare remains one of the most breached sectors, with hacker attacks hitting clinics and hospitals and making news headlines almost every day. It is estimated that, in 2020, ransomware attacks alone affected over 600 separate healthcare institutions and more than 18 million individual patient records (a staggering 470% increase from 2019).

Healthcare organizations make ideal prey for hackers, as many of them use outdated security software and continue to underinvest in cybersecurity. At the same time, they hold an overwhelming amount of the most sensitive data.

According to the expert, in the majority of security incidents, the patients’ data gets compromised due to employee negligence and simple human error. Hackers can get unauthorized access to the organization’s network as a result of successful phishing attacks or other scams. Unfortunately, doctors may be unknowingly contributing to some major security issues too, especially during these hectic times of telehealth and digital transformation.

What are the most common mistakes at doctors' offices?

Weak password management. One of the duties of healthcare providers is to protect their patients’ medical records and personal information, which is very sensitive. You can always change your leaked passwords or get a new credit card, but your DNA is for life. Unfortunately, doctors use shockingly weak passwords, and those are one of the top causes of data breaches.

Insecure data storage and sharing. In most cases, doctors store their patients’ records unencrypted on their computers. This is a major risk when ransomware hits, as hackers gain access to files and may threaten to leak or destroy them unless a ransom is paid. Additionally, many clinics share their patients’ information among themselves or with third-party providers via email. However, email is one of the least safe methods to exchange information.

Using out-of-date software. With patient care being a priority at the doctor’s office and everything else secondary, computer security usually gets overlooked. One of the major mistakes is missing software updates. Updates matter because they include fixes and patches that prevent hackers from exploiting known security vulnerabilities.

How could doctors improve cybersecurity?

Although cybersecurity is a complex field, there are some easy-to-follow measures a doctor can take to improve their cybersecurity hygiene.

  1. Creating complex and unique passwords for all online accounts, updating them regularly, and storing them safely in a password manager. Using multi-factor authentication for an added layer of security when logging in online.
  2. Encrypting patient data and medical files to avoid data leaks in a ransomware attack. User-friendly encryption solutions like NordLocker make sure important information stored on both personal and corporate computers is always protected from prying eyes. For safe sharing, files need to be encrypted first so that, in case of interception, no outsider can gain access to their contents. The tool also includes an encrypted cloud for easy access and secure data storage.
  3. Self-education on cybersecurity. Since ransomware attacks usually start with a phishing email, awareness and education will help a doctor recognize phishing scams and avoid downloading malware or sharing sensitive information with impersonators.
  4. Using a VPN for a safe internet connection. To avoid outside risks, a doctor needs a secure connection, and here’s where a VPN (virtual private network) comes into play. It creates a secure encrypted tunnel between a device and the internet or the organization’s server. A VPN protects the connection from third-party access, including hackers ready to breach the system.

Oliver Noble is a cybersecurity expert at NordLocker, a data encryption solution.


NordLocker is the world’s first end-to-end file encryption tool with a private cloud. It was created by the cybersecurity experts behind NordVPN – one of the most advanced VPN service providers in the world. NordLocker is available for Windows and macOS, supports all file types, offers a fast and intuitive interface, and guarantees secure sync between devices. With NordLocker, files are protected from hacking, surveillance, and data collection. For more information:

© 2023 MJH Life Sciences

All rights reserved.