HIT Cyber Security

Guest Blogger: Gregg Moist, Director of Customer Support

Is my practice at risk?

In today’s world, the Protected Health Information (PHI) at your practice is very desirable to hackers and criminals. Verizon’s 2015 PHI Data Breach Report clearly showed that doctors’ offices (even more than hospitals) are the largest source of PHI breaches. The general assumption is that cyber hackers only target large multi-national organizations and government agencies. The reality is that many practices and healthcare systems become victims of such crimes, and it is important to educate yourself and understand the safeguards you can implement to defend and protect your patients’ health information.

What do you think is more valuable to hackers?

A. Your credit card number
B. Your Social Security number
C. Your health records

The answer is C. On the black market, your Social Security number is worth $1.00, your credit card may be worth as much as $24.00 (if it can be sold), and a patient chart is worth $50.00. There are several factors that cause medical identities to be so highly sought after and valuable.

The healthcare industry does not have the same regulatory safeguards in place that the financial and retail industries have. Insurance fraud is relatively easy to perpetrate, hard to identify, and even more difficult to prove.

If your credit cards are compromised, your credit card company or the merchant assumes the financial responsibility. If you have any out-of-pocket expense, it is generally minimal. If your health records become compromised, everyone owns part of the cost, including the providers, insurance companies, and the patients.

From a practice perspective, if you accept insurance for a patient who used stolen information, you may not get paid for that claim. From a personal perspective, if an individual’s records are stolen and used for insurance fraud, the victim may be liable for some of the costs. The estimated average out-of-pocket expense for someone who has been a victim of stolen medical identity is $13,454.00.

Practicing Basic Cyber Hygiene

Just like washing your hands to prevent the spread of germs, practicing basic cyber hygiene can help you to avoid 90% of the threats out there. The following safeguards can be implemented in order to protect your practice.

  1. Employ or contract a qualified IT professional who is familiar with implementing basic security features and have them review your environment regularly.
  2. Make sure your computers and mobile devices are encrypted. Theft is the most common cause of PHI breaches for doctors’ offices.
  3. Ensure your computer systems are protected by a firewall.
  4. Ensure your systems and software are updated and have all current patches.
  5. Make sure your admin accounts are protected with passwords and change any default passwords. Remember, UserID “Admin” and password “password” is a commonly used default, and hackers know that.
  6. Have updated anti-virus / malware software on all of your PCs and servers.
  7. Do not click on links or open attachments in your email unless you are sure about the source.

Additional information on the threats and staying safe can be found at: