Skip to main content
Greenway Health
Main navigation
  • Solutions
      • Greenway Solutions
          • Solutions by Product
          • NEW! Medical Coding
          • Cloud Bundle
          • Electronic Health Records
          • Practice Management
          • Revenue Cycle Management
          • Telehealth
          • Patient Engagement
          • Analytics
          • Interoperability
          • Clearinghouse Services
          • Care Coordination Services
          • Marketplace Partner Integrations
          • View All
      • Solutions
          • Solutions by Specialty
              • Cardiology
              • FQHC
              • OB-GYN
              • Orthopedics
              • Pediatrics
              • Primary Care
              • Surgery
              • Tribal Health
              • View All
      Past Webinar

      Breaking down the 21st Century Cures Act — what it means for your practice

      Read More
      Greenway Blog

      Experience effortless implementation for enhanced patient care with Greenway Health’s client-centric EHR

      View Details
  • Knowledge Center
      • Challenges
          • Data Security
          • Compliance and Reporting
          • Patient Care
          • Workflow Efficiencies
          • Profitability
          • Support and Training
          • MACRA: MIPS and APMs
          • Value-Based Care
          • View All
      • Knowledge Center
          • Resources by Type
              • Greenway Blog
              • Webinars
              • E-books
              • Case Studies
              • Infographics
              • Videos
              • View All
          • Resources by Topic
              • 21st Century Cures Act
              • Cybersecurity
              • EHR/EMR
              • Telehealth
              • Patient Engagement
              • Population Health
              • Regulatory
              • Revenue Cycle Management
              • View All
      Past Webinar

      Breaking down the 21st Century Cures Act — what it means for your practice

      Read More
      Greenway Blog

      Experience effortless implementation for enhanced patient care with Greenway Health’s client-centric EHR

      View Details
  • About Us
      • About
          • News
          • Events
          • Executive Leadership
          • Awards and Certifications
          • Award-Winning Clients
          • Greenway Engagement Model
          • Community Involvement
          • Careers
  • Cures Act Resources
Utility
  • Login
  • Support
  • Events
  • Careers
  • Contact
  • 877-932-6301

Free Consultation

greenway blog

Cybersecurity: Uncovering methods to improve security are a click away

COVID-19 and healthcare cybersecurity
COVID-19 and healthcare cybersecurity

“A joint study by Stanford University Professor Jeff Hancock and security firm Tessian found that a whopping 88 percent of data breach incidents are caused by employee mistakes. Similar research by IBM Security puts the number at 95 percent,” according to an article by Security Today.  

Cybersecurity is not a topic for hit-and-miss products or hazy discernment by healthcare stakeholders. Cyber-attacks and malware are often disguised as urgent action text messages to employees. One-click later, the bad actors can access and steal sensitive data. Concern for these vulnerabilities can cause many practices to lose sleep. Healthcare provider companies need steadfast, trusted products and solutions. 

Controls to consider and implement  

Cybersecurity controls fall into three categories: technical, administrative, and physical. For our purposes, let's look at ways healthcare professionals can improve office security utilizing these three areas.  

Healthcare data, particularly electronic health records (EHR) records storing protected health information (PHI) such as detailed patient records, are a commodity of extreme value fetching as much as $1,000 each for cybercriminals according to an article by Fierce Healthcare.   

The turbulent healthcare economy and often complicated insurance systems are already straining practices. Cybersecurity concerns simply add another compounding problem to the already overworked medical ecosystem. Stay ahead of cyberattacks by putting simple preventative strategies into play.   

Proper passwords and proactive attitudes  

Cybersecurity is a topic that is not always on the forefront of topics for a healthcare practice, but unfortunately, PHI is a valuable commodity to cybercriminals. Thinking proactively about your approach to cybersecurity can mitigate many potential issues including costly data breaches or ransom attacks.  

Each year, review your cybersecurity protocols and update them with the latest information and best practices. Be sure to conduct audits of your technology partners and review their service level agreements in regards to cybersecurity and data management to ensure you understand the potential impacts to your practice. Lastly, institute annual cybersecurity training and education with your staff to uphold and remind your teams of the critical importance of cybersecurity measures.  

“Cybersecurity is an ongoing effort and should be treated as series of practices rather than a one-time, one size fits-all solution. By focusing on the basics – like Identity and Access Managment and education around detecting and reporting phishing emails -- healthcare practices can build a strong foundation to defeat cybersecurity attacks”
- Don Kleoppel, Chief Information and Security Officer, Greenway Health

Use good password hygiene  

Passwords act like locks on gates protecting digital information. Passwords serve as the first line of defense in your cybersecurity attack prevention toolkit and can prevent unauthorized access to sensitive information and patient data. 

According to recent recommendations by the National Institute of Standards and Technology (NIST), passwords should be changed annually, consist of a minimum of eight characters, and be simple enough for the user to remember. An overly complex password might prompt the user to write down the password. Make sure to regularly create new passwords and never reuse the same password in a different software. Also, refrain from placing passwords on paper; use a secure electronic password-keeper instead.  

Follow email and texting safety tips  

A common tactic of cybercriminals is to use impersonation schemes. The CEO of the company will not email and ask for your password or other sensitive information. It is easy to become too lax about answering emails, so always take the time to read the sender’s name and company name. Often, there will be misspellings when an impersonation scam happens.   

Be skeptical of urgent email requests and verify the sender. Inspect links and attachments closely before clicking on anything and make sharp-eyed decisions about what links or attachments you open. Check for spelling errors, grammar mistakes, or pay attention to offers that are “too good to be true.” These are all indications that the sender wants to steal information or has unfavorable intentions.  

healthcare cybersecurity

Don’t leave unattended computers unlocked  

Educate staff regarding the security of their laptop or desktop. . Reminders to lock computer stations immediately when leaving the office or room could save your office millions. Stolen records can be used to buy prescriptions or defraud insurance companies. Overall, the best practice is to ensure technology is always secure before leaving the room or shutting down for the day.   

Train employees to spot cyber-attacks and equip them with an action plan  

Having a clear action plan helps your employees guard against cyberattacks. Therefore, work with your information technology provider to establish an action plan such as a contacts list to report a suspected cyber-attack or a unique email address where suspicious emails can be forwarded for their review.  

Office life is busy; however, a little extra security could save your patient’s precious medical information from  cyber threats. Success rates in preventing cybersecurity attacks improve if your practice has a plan.  

Partner with a cybersecurity ally for your technology  

To best protect sensitive EHR data, systems must have anti-virus, Intrusion Prevention, and firewall protections. When choosing an EHR vendor, consider ‘Best in KLAS’ products and services as those standings are based heavily on consumer feedback when rating healthcare technology products. Best in KLAS vendors can be considered even more substantiated when they have received a high-quality award for cybersecurity.   

While no product can guarantee a practice will avoid all security concerns, innovative software that is regularly maintained with real-time updates, security patches for vulnerabilities, and updates based on client feedback is essential.  

Look for preventative Multi-factor Authentication (MFA) features.  

One of the most highly regarded barriers to cyberattacks is Multi-Factor Authentication or MFA. Using Multi-Factor Authentication alone cuts the risks of modern cyberattacks by 99.9% and 96% of bulk phishing attempts according to an article by Zippia in February 2023.   

Ensure your EHR vendor and other software systems have multiple barriers to entry, like MFA, to help stymie cybercriminals. Utilizing multiple factors to verify an accessor’s identity, adds a layer of security, and decreases the chances of a hacker gaining access to your systems and data. MFA, when used in combination with the other topics discussed better protects your practice and your patients.    

Use products with antivirus, firewalls, and intrusion prevention systems (IPS).  

Use products employing 24/7 continuous monitoring to detect and  protect against harmful activity. Firewalls and intrusion prevention systems are powerful tools to block and identify threats. Strong protective and preventative controls can keep your systems safe. Just remember to continuously update and review your operating systems, 3rd party products and security tools like antivirus software. Cybercriminals evolve their attacks over time and regularly updating your software takes advantage of the latest patches, updates, and cybersecurity protection.  

Continued vigilance to navigate the future of cybersecurity  

The future of cybersecurity points to an uptick in attacks on practices, requiring vigilance and updated measures. Through employee training, password hygiene, action plans, and quality software, healthcare leaders can implement robust cybersecurity protocols.   

Cyber attackers will only become more sophisticated in their schemes. With the evolution of AI, machine learning, the key to a good defense is a good offense. 

Healthcare IT vendors can partner with your practice and become a team to handle all your digital needs including cybersecurity. Discover Greenway Health’s innovative solutions today. 

Discover more

 

Related Solutions

Fully bundled, cloud-based EHR and practice management solutions

A reimagined, cloud-based EHR in one, all-inclusive package*.

Learn More

Greenway Telehealth™

Provide remote care and increase patient engagement.

Learn More

Medical Practice Management Software

Customizable, forward-thinking technology to drive success.

Learn More

Learn More in the Knowledge Center

password protection do's and don'ts
Infographic

The do's and don'ts of password protection

Read More
Moving to a cloud-based EHR
Greenway Blog

Moving to a cloud-based EHR? Repurpose your IT Team

Read More
Upgrade your EHR to boost security
Greenway Blog

Running outdated software? Upgrade your EHR now to boost security

Read More
ransomware targeting healthcare
Greenway Blog

Step up EHR security to prevent data breaches and ransomware

Read More

Social

  • Facebook
  • Twitter
  • Linkedin
  • Instagram
  • YouTube
Footer menu
  • Term of Use
  • Privacy Statement
  • Your California Privacy Choices
  • Compliance
  • Careers
© 2023 All rights reserved. Greenway Health, LLC

Stay informed with Greenway Health’s latest news

Subscribe