Part one of this blog post describes a report that just came out about how hackers are increasingly targeting healthcare clinics through their telemedicine and telehealth platforms. As more clinics are using new (and sometimes unsecured) networks, devices, and software platforms to provide virtual care, it’s a ripe target for cybercriminals. Here are some things you can do right now to secure your patient data and protect your practice from these attacks.
Use Only Secure Platforms
One of the most important ways to protect patient information is with fully encrypted and secure software platforms. That includes telemedicine and telehealth, but also your other practice management software. Everything from your scheduling software to your EHR and medical billing system houses patient data and should be protected with the highest level of security. Choose a software vendor that takes data protection seriously and has a track record that reflects their commitment.
Train Staff to Spot Phishing and Similar Scams
The weak link in most organizations is the people. Training your staff to spot a scam email or a similar risk can help reduce the chance that your clinic becomes a victim of these cybercriminals. Scammers today use increasingly sophisticated methods to trick people using social engineering. This can take many forms, including:
- Phishing – tricking people to reveal private information through scam emails, websites, or text messages.
- Spear phishing – targeted attacks against specific individuals, for example, the office manager or someone else who controls financial information for a clinic.
- Pretexting – using a false identity to trick someone into giving up information.
- Vishing – voicemails that encourage urgent action to prevent a (fake) threat.
Be Careful with Mobile Devices
As the volume of virtual care increases and providers and staff are increasingly working from places outside of normal clinic locations, the use of mobile devices is on the rise. It’s critical that you are using devices that are properly secured, and only accessing patient data through secure platforms like those available from AdvancedMD. It’s also critical to keep an accurate log of what mobile devices you and your staff use to access patient information:
If any of these are stolen, you need to immediately lock down the device or be prepared to take mitigation steps to reduce the risk of stolen patient data getting out.
Data security is essential in today’s medical clinics. Find out how AdvancedMD can help protect your patient information. Our HIPAA-compliant and fully encrypted scheduling, practice management software, telemedicine and telehealth systems, EHR, medical billing, and payment processing software ensure that your data is always secure.