How to Prevent Costly and Dangerous Cyberattacks

Greg A. Hood, MD


April 25, 2017


All Practices Are Vulnerable to Data Breaches

There are two types of practices: those that have been hacked, and those that probably will be hacked. Large and small practices are vulnerable to data breaches. However, many resources are available to thwart an attack, and these resources are scalable for all practices.

What do practices need to think about when it comes to information technology?

It is important to consider security and your practice's vulnerability. A lack of concern and awareness about security can lead to data breaches. Even the best-structured, most detailed, and most expensive protection system is most commonly breached because of the behavior of the practice's employees.

Many physicians, providers, and employees unknowingly engage in risky behavior on their home and work computers. Certain surfing habits and a propensity to click on ads and unknown links circumvent the most carefully designed security measures.

You would think that schemes by Nigerian princes and proclamations telling you that you have won a lottery that you didn't even enter would no longer garner ill-gotten gains for criminals. And for most medical offices, these are not the type of obvious attacks that can create a data breach. Often, there are phishing scams or more sophisticated scams that ensnare users. The persistence of such efforts, as well as reports of successful hacks such as these, underscores the essential role of diligence and education of your staff.

Our practice has been fortunate so far. We've been subject to episodes of very intense efforts of hackers to penetrate our security in the past, but so far, we have not lost the integrity of our protection. Many other practices haven't been so fortunate.

Small Businesses Are Not Immune

Some physicians believe that if they possess a relatively small data set or are located in a nonurban setting, thieves may not take notice. However, stolen data can be aggregated and cross-referenced with other hacks.

It is no comfort to your patients whether their data were part of a small hack or a large hack. The data were compromised just the same. In 2015, Symantec estimated that 43% of cyberattacks were conducted against small businesses.

Remember that every online presence is on the Main Street of the information superhighway. There is no private road for an integrated medical computer system. If you think your practice and information are too off the beaten path, then you are exactly who the hackers are seeking, whether they be local or on another continent.

These two issues can merge, as information stolen from one medical entity may be used in order to improve the formulation of phishing attacks on other practices or organizations.

