Today's guest post was submitted by Dr. Dewan Farhana, a tech entrepreneur that blogs at Doctor Finances about health care technology and financial literacy. We have no financial relationship.]
In a world where almost everything we do is online, including all of our banking and asset management, online security is of the utmost importance for every individual and business. Most of us have been taught to avoid thieves physically, enter our homes carefully, and secure our cars, but cybersecurity is new to almost everyone. We haven’t been taught to be vigilant about the invisible threats lurking online. In fact, most of us are walking around with our “pants down” when it comes to online security.
In addition, after the COVID-19 pandemic hit, many medical professionals suddenly had to embrace online systems and processes in order to survive, increasing the exposure to cyberattacks across the board, since an attack on one provider can spill over to others as multiple providers can often be linked to one patient and their sensitive information. While we have all heard of cyberattacks on organizations, the average person didn’t need to worry about it quite as much. However, it is now extremely important to make sure you have the proper online protections in place to protect your wealth and your information—whether that is your bank accounts, your identity, or the sensitive information held by your medical practice or hospital.
Although cyber hacks are happening to people personally and across all industries, here are some startling statistics from 2019 to further illustrate the importance of online security for medical professionals. For example, since 2016, 93% percent of healthcare organizations have experienced a cyberattack, and four out of five breaches in the health care sector are against providers. This makes sense, since hackers have direct access to patients’ sensitive information and they get a two-for-one deal: both provider’s information and their patients’ as well. Since 2015, the personal medical record information of more than 300 million (yes, that’s million) people has been stolen.
Why are Medical Professionals More Susceptible to Cyberattacks?
Medical professionals are known to have higher incomes, and hackers can profit greatly from cyberattacks. One tactic they use specifically against the medical profession is to hold information hostage. Imagine losing all access to your files unless you fork over a ransom for your data. Entire cities and companies have been held hostage in this way.
Access to Sensitive Information
As I mentioned above, medical professionals have social security numbers, insurance information, payment information, addresses, phone numbers, ages, etc. on file, so hackers can find a literal goldmine of information to exploit in one place. This can lead to bank fraud, identity theft, and even ransom based on the threat of exposure of private medical information.
Since an online presence is a huge benefit for patients and for providers when seeking new patients in the form of websites, preferred provider information on insurance websites, online medical profession organization information, online booking, telemedicine, etc., hackers have a higher chance to know where to attack, and can easily search those locations to target medical professionals.
12 Ways to Protect Yourself From Cyberattacks
While potential cyberattacks are real, there are ways medical professionals can protect themselves, their assets, and their patients.
#1 Be Aware and Hypervigilant of the Lifestyle Data You Share Online
“Social engineering” is the major threat to your security in the long run, and much of a person’s data can easily be plucked from social media, including the social media profiles of family members and also those who work in the same office. Hackers get to your information through “social engineering”, which means they mine the data in your social accounts (including professional accounts like LinkedIn) and look for information that can be used to breach weak points, such as simple passwords or easy password-reset questions. Practice vigilance, and select security questions and passwords that are actually hard to answer or guess even by your closest confidantes.
#2 Use Intricate Computer-Generated Passwords to Protect Your Information
Use apps like LastPass, 1Password, or Bitwarden, and make sure your master password is as strong as possible and changed frequently. Do not write down your master password anywhere—it’s literally the keys to the kingdom. These apps work on every device, and make it trivially easy to never use the same password twice. Remember: your password can be stolen from a badly designed 3rd party website, not just guessed by trying all the combinations. If you keep password information in a file on your computer, or somewhere that’s easy to find and/or be hacked (like Google Docs), cyberattackers can access all your accounts—both professional and personal.
What of the password managers themselves? Good ones use encryption across the entire chain of data ownership to ensure that, even if their own servers are hacked, the data gathered by the attackers is useless. You can learn more here.
#3 Make Sure Your Software Is Up-to-Date
Operating with old, outdated software will give you gaping security holes, so make sure that not only your office computers but your personal computers and phones are continually up-to-date as well. The first thing to update is your operating system (Windows, MacOS, iOS or Android, for example). Install reputable security software that scans your devices for viruses and prevents bad programs from running on all your devices to help thwart “drive-by” attacks. Check with your ISP for a free copy!
#4 Click Carefully
If an email asks you to do something security-related, do not click the link in the email (even if you are sure). Instead, go to the website directly and enter the information. The exception is email confirmation emails, some of which are very hard to hand-type. However, look at the link very carefully for errors or typos. Once you have clicked to confirm, immediately close that web page, even if you would like to log in or use the service right then. Type in the address manually in a new tab or window.
#5 Never Wire Money
A bank wire is like a cashier’s check—once it’s out of your hands, it’s as good as cash. Few vendors will ask for a wire (with perhaps the exception of mortgages and remote car purchases). However, most of these now allow you to enter your bank information on their site instead. For personal transactions, use Venmo, PayPal, or one of the other services to send money much more rapidly and securely.
#6 Apps Are Great But Be Very Careful
Whether it’s an app for your phone or your computer, installing an app is the same as letting a stranger into your digital home. Make sure the app is from a reputable vendor. For apps that come from third parties, go to their websites and click through from there for an additional layer of security. As to searching the app store, scrutinize the name to make sure there is not a copycat with a similar name trying to trick you.
#7 Do Not Give Personal Information Over the Phone or Randomly In-Person
This one may seem obvious but in the midst of our busy days, we can forget to verify the caller especially if they are saying the “right words” so it’s important to always double-check or call back before sharing any personal information. Remember that no institution that has access to privileged data will ask for that information over the phone. If you must, tell them you will call back, then look up the number separately on the Internet and call back that public number.
#8 Continue Using a Paper Shredder
It’s important to shred any sensitive information as snoopers are everywhere looking for weaknesses. At the least, it’s easy for someone to apply for credit on your behalf. A good shredder can cost $30 and save you thousands in time and effort.
#9 Protect Your Payment Cards
Credit card fraud is becoming more commonplace as hackers get smarter. So, make sure to take the following steps to protect your credit card accounts, both personal and professional:
- Set alerts on all your accounts so you’re contacted when charges are made.
- Install the apps for your credit cards and bank, and set them to notify you whenever a payment is made.
- Look through credit card activity regularly—this can also let you track down sneaky services that increase in cost silently, like your cable bill!
- Be aware of skimming devices where you use your credit cards and especially debit cards. Make sure the keypad and card reader covers for debit cards are strongly attached with a sharp tug, and cover the keypad when entering your PIN.
- Generally, avoid the use of debit cards unless you must. Your rights with regards to theft from a debit transaction are quite limited.
- Make sure your cards have chips. Especially in the age of COVID, use Apple/Google/Samsung Pay to make contactless and secure payments where possible.
- Destroy all receipts or scan and file them electronically in password-protected folders. Also be sure to destroy old cards, licenses, and other paperwork.
- If you travel internationally, call and let your credit card company know in advance, or simply use their websites or apps.
#10 Freeze Your Credit
If you will not be accessing your credit soon to refinance, purchase a new home or apply for a loan/lease/credit card, freeze all of your credit reports (including all family members) to avoid hackers from opening new accounts under your name.
#11 Inform and Assist Your Employees and Coworkers
Security works in layers. If you want your practice or workplace to be secure, make sure that everyone is on board on the importance of security. Help them protect themselves, which will help them protect you. Big breaches often happen because the lowest member in the totem pole with access makes a mistake.
#12 Help an Older Parent or Grandparent Protect Their Information
Older people are quite vulnerable to hackers, and, if time-permitted, it’s a good idea to help an older family member who is not tech-savvy also protect their accounts.
Online security can be one more tedious thing to add to your list, but it’s crucial that you protect your personal and professional life from cyberattacks as it can happen to anyone, especially in the medical profession. In today’s online-intensive world, online security is a must-have and a must-do, perhaps even more than setting up a home security system, as most of our valuable assets are online now! So take the steps now to keep you and your assets, especially your most valuable professional ones—your patients and their information—as secure as possible. You’ll save yourself a tremendous amount of frustration, wasted time, and lost money—and often those can be the least of your losses.
Which of these tips for protecting your online security have made a difference for you and your practice? What else have you done? Comment below!