Medical practices often neglect security based on the misconception that they are too small to be a target. While this thought process may have been true in the past, especially with respect to physical security, it is no longer accurate in the digital age. Attacks are no longer limited to the people or groups who have access to your physical property. Once your business is connected to the Internet, your community is worldwide. Smaller medical practices are therefore not protected by their size; in fact, they often have a larger bullseye on them.
Smaller is no longer off the radar
The fact that many medical practices do not invest in cybersecurity makes them an easy target for these types of attacks. This is simply the old adage of picking the low-hanging fruit first. Hackers know very few small medical practices implement enterprise-grade cybersecurity solutions, which is tantamount to leaving the doors to your physical office unlocked and the alarm disabled when your practice is closed. A criminal will often take the path of least resistance, and since larger businesses are investing more in cybersecurity solutions, they are no longer the first to be attacked.
Additionally, many medical practices do not employ business continuity practices to protect themselves in the event of a disaster. Hackers understand this as well and know medical practices will be much more likely to pay ransom fees than larger businesses which have business continuity solutions. Cybersecurity attacks are the new business disaster, causing many businesses to shutter their doors just as if they had been hit by a natural disaster.
One other factor is that many small medical practices work with larger organizations which have tighter security controls in place. Hackers often try to access these larger organizations through the smaller practice, which they find easier to exploit.
So I’m a target. What now?
The first step to fixing a problem is understanding and accepting there is one. The next step is determining where your practice's weaknesses in cybersecurity are. This usually starts with enhancing the security around any and all entry points to your network. A commercial-grade firewall, preferably managed by a technology professional, is always a good start. Thinking in terms of the physical security of your business, you are only as secure as the weakest link. If your doors are locked but the windows are not, you are still a high-risk business. The same is true in this day and age, when more and more solutions are accessible via the local network or Internet.
This often means full network scanning of every item in the practice along with both internal and external vulnerability scans. Properly performed scanning will help identify potential open windows within your organization and allow them to be secured before they are breached. Additionally, using a commercial-grade email solution with strong content filtering rather than consumer-grade email is a strong start to helping protect your employees from accidental breaches.
In fact, many attacks are focused on exploiting company insiders through email and social engineering. This means it is essential to train employees so they are prepared for the attacks that are targeted at them. Don’t let your employees be your open window.
Rinse and Repeat.
Unfortunately, protecting your practice is not a one-and-done process. Technology constantly changes and vulnerabilities are continuously discovered. All of your employees will need to be trained on a regular basis regarding the ever-changing landscape to help keep the business secure. Likewise, all of the medical practice's technology will need to be patched and updated regularly in order to stay on top of the latest vulnerabilities. This includes any hardware provided by medical partners that connects to your network, such as vision screeners or vital signs monitors. Thus a properly protected medical practice will provide regular employee training and have solutions that are managed by technology professionals responsible for staying in tune with the pulse of technology.
Proper solutions can be very reasonably priced, especially when compared to the cost of remediating a successful attack or having to shutter the practice like roughly 60% of all small businesses affected by a significant breach. If you have not already, take the first step today and contact your technology advisor to find out the cost of effective solutions you can put in place at your small business immediately and over the long term.
About the author
Marc McGrath, AAP, has over 20 years of technology experience serving as Information Security Officer and Chief Technology Officer, and is currently the Chief Information Officer for Technali, LLC, a Managed Services Provider specializing in technology and security solutions for the healthcare field. He can be reached at email@example.com or 770-796-0114.