9 Reasons Why Small Medical Practices are Most Vulnerable to a Cyber-Attack

By Perryn Olson 

As my team and I talk to different medical practices, we are amazed how many of them are oblivious to HIPAA regulations and just how vulnerable they are to a cyber-attack. Like HIPAA, hackers don’t take ignorance as an excuse.

  1. Lack of Concern About the Cyber-Attack Threat – Most small businesses, including medical practices, think they’re too small to be a target for hackers. Unfortunately, medical data is a prize most hackers want to get their hands on, and they will specifically target small medical practices expecting to find little to no cybersecurity in place. Also, hackers can use bots that crawl the internet looking for “open windows” into networks; if they stumble on a medical practice, they could be in for a big payday.
  2. Not Treating Hard Drives Like Gold – Many companies throw away old computers, including their hard drives. (See What to Do with Old Computer Equipment for more info on how to responsibly dispose of your hardware.) Medical data goes for $355 per record on the black market, so a hard drive with 1,000 patient records is a nice $355,000 score for a criminal. Medical practices must protect hard drives like gold. Once a hard drive is decommissioned, it should be shredded.
  3. Using Universal Passwords – Small doctor practices love to use a universal password for every login. This method is fraught with problems, for three reasons. First, employees probably scream it across the office where patients can hear: “Try password with the @ and $ signs.” Second, if an employee leaves, they can still get access to nearly every system and computer. Finally, it makes it easier for a hacker to get into everything, because universal passwords are rarely changed.
  4. Lack of Cybersecurity Expertise – Even if a practice regularly uses an “IT Guy”, that single person can’t know everything about technology. He is usually so busy putting out fires and crawling under desks to fix things that he can’t keep up his own knowledge, especially when it comes to modern cybersecurity best practices. A good IT firm should be large enough to take care of your day-to-day needs and proactively secure your network. A great IT firm will have specialists on staff to advise you on how to best protect your practice and comply with HIPAA regulations.
  5. Don’t Understand Cybersecurity, So They Ignore It – Out of sight, out of mind doesn’t work with cybersecurity. HIPAA’s regulations are there to protect your patients’ data from a breach, including a cyber-attack. You can’t ignore cybersecurity because HIPAA is the law and you have a lot at stake — your data, your money (negligence is a finable offense), and your reputation.
  6. Think Cybersecurity Costs Millions – If you’re running a huge hospital with dozens of locations, you probably have a team of cybersecurity experts on staff, which costs a lot of money, but you also have more risk. For most doctor practices, cybersecurity is affordable and much cheaper than a data breach because HIPAA alone can assess $50,000 penalties per incident. Besides the fines, the damage to your reputation may be irreversible. In fact, 54% of patients are likely to change providers following a data breach. [Source: HIT] Can you afford to lose half of your practice?
  7. No Employee Policies Safeguarding Data – One of the biggest issues small medical practices face is not having any employee policies regarding security. Simple FREE things, like password-protecting every workstation and mobile device that has access to PHI [Protected Health Information], are vital. Even if there are some policies in place, most medical practices do not enforce them, which makes the policies useless.
  8. Don’t Perform Periodic Risk Assessments – HIPAA and the Meaningful Use tax credits, which many doctors used to digitize their medical records, require a periodic assessment (usually annually for small doctor practices). These assessments provide a baseline for your network security, suggestions on what to improve, and proof of what you’ve already implemented. When it comes to HIPAA, you are required to have a plan describing how you are improving your PHI security, so you need to document everything.
  9. Giving Patients Access to Wi-Fi – In today’s world, you can find free Wi-Fi nearly everywhere, but you don’t want your patients on your practice’s primary internet connection. Instead, hide the network your employees use and require a password to access it. Then, set up a second Wi-Fi connection for patients on your redundant internet connection to prevent hackers from easily gaining access to your patient records. Separating the connections also ensures your patients are not slowing down your team’s productivity.

Now this information may sound like a lot, but a good IT firm can help you overcome each of these issues, and it all starts with educating yourself on your responsibilities as a steward of PHI. If your IT support team doesn’t understand HIPAA regulations and their role in protecting your data, we suggest working with a different IT team.

If you’re unsure whether you have the right IT team, ask yourself if your IT firm asked you to sign a BAA.

© 2020 My IT. All Rights Reserved.