{"id":2907,"date":"2020-04-28T07:22:35","date_gmt":"2020-04-28T07:22:35","guid":{"rendered":"https:\/\/www.empowerelearning.com\/blog\/?p=2907"},"modified":"2020-04-28T07:23:30","modified_gmt":"2020-04-28T07:23:30","slug":"how-to-secure-your-medical-practice-against-cyber-threats-even-if-youre-working-from-home","status":"publish","type":"post","link":"https:\/\/www.empowerelearning.com\/blog\/how-to-secure-your-medical-practice-against-cyber-threats-even-if-youre-working-from-home\/","title":{"rendered":"How to secure your medical practice against cyber threats \u2013 even if you\u2019re working from home"},"content":{"rendered":"

How to care for COVID-19 patients is not the only question haunting physicians. Here are three cybersecurity issues that probably trouble them even more.<\/span>\u00a0 <\/span><\/p>\n

    \n
  1. How safe is my personal computer, if I have to work from home?<\/li>\n
  2. Can I use my mobile phone to access the office EHR?\u00a0<\/span><\/li>\n
  3. What are the chances of my practice getting crushed by a ransomware attack?<\/span><\/li>\n<\/ol>\n

    Phishing and ransomware attacks are threats as real as COVID-19 for every medical facility.\u00a0<\/span><\/p>\n

    The FBI notification of April 1, confirms this threat. It reported more than <\/span>1200 complaints<\/span><\/a> related to COVID-19. The reported incidents include, phishing attacks against first-responders and ransomware attacks on medical facilities.\u00a0<\/span><\/p>\n

    Information security has always been the top healthcare priority. But now, with physicians working away from their secure office networks \u2013 this subject needs urgent attention. Based upon the AMA and AHA <\/span>recommendations for physicians<\/span><\/a>, this blog article addresses the following four cybersecurity issues.<\/span><\/p>\n

      \n
    1. Securing your computer\u00a0<\/span><\/li>\n
    2. Securing your mobile devices<\/span><\/li>\n
    3. Protection of home network<\/span><\/li>\n
    4. Working with medical devices<\/span><\/li>\n<\/ol>\n

      The two biggest cyber threats \u2013 Phishing and Ransomware<\/b><\/h2>\n

      Phishing and ransomware have been identified as the two biggest cyber threats to healthcare practices, and you as a healthcare worker should grow weary of the threat they pose. The year 2019 was particularly a dreaded year with several practices forced to stay shut for long periods due to Ransomware.<\/span><\/p>\n

      Phishing attacks, especially spear phishing, are the first to look out for. A phishing attack is what mostly precedes ransomware attacks. They can even lead to malware attacks that attempt at stealing medical records from your computer and office networks. Be very careful when clicking links, opening attachments, and downloading files.\u00a0<\/span><\/p>\n

      First thing that you need to tackle this challenge is to make your computer safe. Here are the essential steps that must take:<\/span><\/p>\n

        \n
      1. Make sure that every member of your staff has a unique login name and password.<\/span><\/li>\n
      2. Have strong passwords\u00a0<\/span><\/li>\n
      3. Bar all users from using Administrative login. Create limited access accounts for everyone.\u00a0<\/span><\/li>\n
      4. Use only safe, and necessary software. Audit the software installed on your computer – Delete any unfamiliar software as soon as you find it.<\/span><\/li>\n
      5. Keep your operating system, browser and software updated. These updates often address security issues. If this is not done on time, it can lead to theft or destruction of patient information. Check your computer and browser settings, if an update is pending then run it. If workable, activate automatic updates.\u00a0<\/span><\/li>\n
      6. Buy and install an antivirus software. Run anti-virus software updates at least once a week.\u00a0<\/span><\/li>\n
      7. If you use MS-office, then disable macros.\u00a0<\/span><\/li>\n<\/ol>\n

        Here’s the AMA checklist for <\/span>more tips<\/span><\/a> on securing your computer.\u00a0<\/span><\/p>\n

        Use Virtual private network (VPN)\u00a0<\/b><\/h2>\n

        The next thing to consider is connecting your home devices to your office network. Unsecure connections can get intercepted by cyber criminals.\u00a0<\/span><\/p>\n

        Consider using a Virtual private network (VPN) for connecting with your office network. If you need to access patient records or diagnostic images stored in your EHR system, use the VPN. It\u2019s very much a virtual wire to your office computers. Because a VPN connection is encrypted, you won\u2019t have to worry about people snooping on your computer.\u00a0<\/span><\/p>\n

        Protecting your emails from phishing attacks\u00a0<\/b><\/h2>\n

        Most malware and ransomware attackers sneak in through your email system. Your first line of defense is to activate email protections, such as advanced threat protection (ATP). ATP can detect malware based behaviors and warn you in advance.\u00a0<\/span><\/p>\n

        Another important protection is establishing multi-layer authentication in your processes. If you receive an email request for sharing data or changing payment information, call and get a verbal confirmation. <\/span><\/p>\n

        Other important suggestions include, enabling<\/span><\/p>\n

          \n
        1. Multi-factor login authentication<\/span><\/li>\n
        2. Lock-out feature for repeated incorrect login attempts<\/span><\/li>\n
        3. \u2018External email\u2019 banners for outside emails<\/span><\/li>\n
        4. Application whitelisting for apps that can run on your system<\/span><\/li>\n<\/ol>\n

          Have a back-up strategy<\/b><\/h2>\n

          If your firm gets hit by a ransomware or malware attack, it\u2019s really difficult to get your computers back. Experience shows that paying ransom, too, doesn\u2019t work in most cases. The best protection against such attacks is to have a data back-up strategy and getting an insurance policy against cyber threats.<\/span><\/p>\n

          Consider using the 3-2-1 rule to create your backup\u00a0<\/b><\/h2>\n
            \n
          1. Have 3 offline segmented backup copies of your data<\/span><\/li>\n
          2. Use 2 different storage media types<\/span><\/li>\n
          3. Have 1 cloud based backup.<\/span><\/li>\n<\/ol>\n

            And, ensure direct and cloud access to your backup data is highly restricted.\u00a0<\/span><\/p>\n

            Review your cybersecurity insurance\u00a0<\/b><\/h2>\n

            Review your cybersecurity insurance, find out what\u2019s covered and what are the limitations of your policy.\u00a0<\/span><\/p>\n

            What if you get hit by a cyberattack?<\/b><\/h2>\n

            Notify your financial institution immediately.\u00a0<\/span><\/p>\n

            The probability of you getting your money back remains high in the first 72 hours. At the time, find a complaint with the local FBI field office and at the IC3 website \u2013 they would work with you and your institution to get your funds back.<\/span><\/p>\n

            How to get your data back?<\/b><\/h2>\n

            Prepare a list of <\/span>Forensic firms<\/b> who could help you recover your data in the event of a ransomware or malware attack. Contact the FBI. They may be able to work with you and other agencies to help with decryption of your data (jargon) or in negotiating with the perpetrators.\u00a0<\/span><\/p>\n

            But sometimes I use my phone for work purposes!\u00a0<\/b><\/h2>\n

            It\u2019s recommended that whether you use a personal computer, a laptop, tablet or a mobile phone, use a VPN to access your office network.\u00a0<\/span><\/p>\n

            Which VPN to use?\u00a0<\/b><\/h2>\n

            Contact your EHR vendor to figure out which VPN would they recommend to be used with their software.<\/span><\/p>\n

            However, just using a VPN isn\u2019t enough. Again, ensuring strong safety measures are necessary to ensure that your network doesn\u2019t get hacked. Multi-factor authentication, strong password practices, timely security updates, remain the most important protections against intrusions.\u00a0<\/span><\/p>\n

            EHR and telemedicine Apps<\/b><\/h2>\n

            If you select to work using your mobile devices, you may want to consider apps that allow you to manage your EHR from your device. There are apps available for providing telemedicine services and communicating with your patients.\u00a0<\/span><\/p>\n

            You\u2019d also come across apps that support all three – managing EHR, telemedicine services and communicating with patients. But, before you start using an App, it\u2019s best to consult with your EHR vendor first. Find out\u00a0<\/span><\/p>\n