Protect your practice against cyber risk

August 21, 2017

Recent high-profile cyberattacks have affected health care organizations worldwide, reminding allergy practices that they need to be especially vigilant in safeguarding their systems and data. However, according to a recent Medical Group Management Association (MGMA) member poll, only 55% of respondents believe their organization’s information technology (IT) systems are secure against attacks. 15% said their organization is working on it, 15% said their IT is not secure and 15% said they are unsure.

MGMA members reported experiencing several kinds of cyberattacks:

  • ransomware attacks (computers being compromised and data held hostage for ransom)
  • phishing attempts (emails from seemingly reputable companies attempting to induce individuals to reveal personal information, such as passwords and credit card numbers)
  • trojan horse emails (emails from seemingly reputable sources with a link or attachment that, once clicked, enables the trojan program to install itself so it can read your files, extract confidential information, and transmit it to the owner of the trojan software)
  • providers’ personal devices being compromised

So how can you protect your practice against these threats? The U.S. Department of Health & Human Services (HHS) has a terrific list of Top 10 Tips for Cybersecurity in Health Care. We especially recommend the following steps:

1. Regularly update your software, operating systems and antivirus software.

2. Provide firewall security for your internet connection.

3. Establish cybersecurity policies and continuously educate staff about them, as well as about the risks of phishing and trojan horse emails. Laura Meadows, practice manager for Allergy Partners in Lynchburg, Virginia, advises, “I always let my staff know that every time they go onto a website they could be putting the practice and patients at risk. You never know the viruses that are out there that we may not be protected from.”

  • Prohibit opening emails and attachments from unknown sources.
  • Require protection for mobile devices.
  • Require strong passwords for all systems and devices.

4. Develop and test backup and disaster recovery plans to ensure your practice can continue to function in the event of an electrical or internet outage, a cyberattack, or a fire.

5. Perform a security risk assessment annually.

If you do experience a cyberattack, consult the recently issued cyberattack checklist from the HHS Office for Civil Rights.

Potential cyber threats to allergy practices are increasing, but by following the steps and tips outlined above, you’ll help protect and prepare your practice for these events.