Dr. Derm logged into his office computer system, only to find a ransomware note from a hacker asking for money in exchange for the safe return of his patients’ records. His EMR had been hacked. While this might seem far-fetched, this situation has happened to multiple small practices.
Dermatologists in small practices often think they will not get hacked because they do not have troves of patient information or financial data. But this attitude is what makes them a target in the first place. Lax security, a lack of resources and general indifference make the perfect combination for an easy hack into any dermatology practice. “Most small practices use home-level security, such as the routers or access points you would use at home. Conversely, they often have the kind of data that bigger hospitals have, but they don’t have the appropriate security.
It is important to recognize that even though our dermatology offices may not have as many health records as a large health system, we are probably not the only target for the hacker.”
Think of it this way: If the hackers hit 10, 100 or 1,000 small offices and aggregate the records, then it becomes a substantial amount of data to sell. Small dermatology practices have datasets that are attractive because they can be monetized. All of our offices maintain data on protected health information, personally identifiable information and payment information — each one of these sets is valuable because they can be stolen and monetized on the internet black market. Once hackers get into our computer systems, the data might be sold for identity theft, false billing for services, or false prescriptions. And because larger organizations continue to improve security, smaller dermatology practices may become even more attractive targets.
But by taking some basic precautions and training staff to be vigilant about security, a practice can thwart the majority of hackers.
Who are these hackers?
The stereotype of a hacker might be someone working for the Russian mob. In some cases this may be accurate, but they can also be your own employees, disgruntled consultants or even a kid living next door who thinks breaking into networks is cool. It could also be a cyber vigilante attacking a practice because of ideological reasons or some sociological motivation.
Hackers have different methods of gaining unauthorized entry, but the phishing attack is the most common. This is usually a legitimate-looking email with an attachment that, if opened, places malware on the network that gives the hacker access. It has already happened to many of us: an unsuspecting employee opens a malicious email attachment that never should have been opened. Phishing attacks can also occur via texts or…