Data breaches have become more common, and even giant companies like Equifax, Home Depot, Target and Yahoo have not been immune to massive hacks compromising the information of millions (and, in one case, a billion) of their users. Think hackers are only looking to harvest data from giant companies? Not true. In fact, according to Symantec’s 2017 Internet Security Threat Report, 43 percent of cyberattacks target small businesses. As a medical practice, you’re at an even greater risk than other small businesses.
Medical records are prized in the seedy world of cybercriminals, and unsavory types will pay good money for your patient files. You have an obligation to your patients to protect their sensitive information, and you owe it to yourself to guard your reputation by making every effort to step up your cybersecurity game.
Just like securing a physical building, you need to consider all the ways a criminal could possibly infiltrate your virtual system.
Teach Your Staff about Cybersecurity
Employees are often the weak link that grants a hacker access to a system. Of 601 individuals and companies surveyed for the Managing Insider Risk through Training & Culture report, 55 percent reported some kind of security incident or data breach caused by an employee.
You likely didn’t hire your front office staff because of their IT security expertise. Your receptionist doesn’t need to know how to write raw code or design the next big app on their lunch break. However, all your staff members should have a basic understanding of what’s at risk and some basic steps they can take to help protect the business.
Set a clear protocol for the way your staff deals with sensitive information and how they use the internet at work. You may choose to limit access to certain sites or prevent people from downloading anything using office tablets or computers.
Prevent Malicious Insider Breaches
You’d hate to even think it, and hopefully none of your team would ever even dream of stealing or misusing sensitive data. But as with lots of ugly things, we have to accept the reality that insider data breaches happen. Look at the Beverly Hills plastic surgery data breach, perpetrated by a disgruntled (or just really awful) employee who compromised the sensitive information of some 15,000 patients.
While you can’t be sure something like this won’t ever happen to you, there are a few things you can do to limit your vulnerability:
- Run background checks on prospective employees. Often, people who do crazy things like share videos of unconscious patients on Snapchat (yes, the person in the Beverly Hills breach story totally did that) have done other crazy things in the past. If you’re lucky, at least one of these red flags was documented and will come up on a background check.
- Set clear rules and consequences about using personal devices at work, guidelines for accessing patient information and so forth.
- Encourage staff to speak up if they see or hear something that’s not right. You don’t want to encourage your staff to be a bunch of tattletales, but if someone’s Snapchatting pics of an unconscious patient, you definitely should know about it.
Lock Down Your Network
Wireless routers are pretty much the coolest thing since sliced bread. Everywhere in your building, all devices have instant access to the internet in all its glory, sans wires or cords. What a beautiful thing. Of course, WiFi networks can be an open door for unwelcome visitors who come to harvest your vulnerable data. Protect your network with a strong password, preferably one that you change periodically.
Make Sure Your Website Is Secure
Adept hackers can use your online forms against you, punching in certain bits of code or using data overload tactics to trick your own website into showing them information your patients have entered. Make sure you’re using a web hosting service that offers top-notch security for your site.
Don’t Get Cocky
Above all, don’t assume a data breach could never happen to your small medical practice. Just because the stories of comparatively smaller breaches aren’t the ones being sensationalized across various news outlets doesn’t mean they’re not happening. You’ve spent years building your online and offline reputation; don’t let all those good online reviews you’ve cultivated get washed out overnight by a security scandal.