The recent CORRelations Chart of the Week, “Are Your Passwords Strong?”, gave me a flashback to a symposium held by my previous medical liability carrier, The Doctors Company. They hosted an IT security expert who hacked into the accounts of a general manager of a nearby hotel in real time, while we watched. The ease and nonchalance that this guy demonstrated even as he smashed through an actual person’s passwords was astonishing. I was especially attentive, since two orthopaedic groups near my practice had been recently breached by the “Dark Overlord”, a hacking group that stole tens of thousands of patient records for ransom and, over a 3½-year span, was responsible for over 42% of non-credit-card-related hacks. Although some of them have been caught, convicted, and sentenced, recovering from those hacks caused suffering to both patients and practice leaders. It won’t stop with them; healthcare hacking has become a big business.
Though it’s an unsexy topic, IT security deserves our respect and attention, because security failures can result in massive fines and disruption of your practice. And none of us wants to feel (or be) responsible for patients’ personal information getting dumped onto the dark web.
Here are some tips we use at our practice:
- We change passwords frequently
- We recommend using multifactor authentication whenever available
- We perform security audits using “white hat” ethical hackers to find open windows into medical records and billing systems
- We have purchased cybercrime insurance to aid in defense of a breach if one should occur
Any network can be breached. The best defense is to make the hacker’s job as hard as possible.