Avoid a hack attack! How to prevent security breaches in healthcare
Although it happened a couple years ago, Ethan Bing, Practice Administrator at Medical Colleagues of Texas (MCT), remembers the data breach as though it were yesterday.
The practice was on its own servers at the time of the breach and as a result, moved to Intergy On Demand, the hosted solution.
Responding to a cyberattack
Physicians approached him to report the system was lagging. Ethan logged into the servers, and discovered rogue accounts.
“I remember being terrified as we had to pull the plug on our system,” he said. “I had no answers for our staff or for our physicians on really what was going on, what we were doing or when we could come back.”
How did the 11-doctor multi-specialty group in Katy, Texas, respond? Over the next year, MCT sent more than 50,000 patient notifications. It paid for credit monitoring, enlisted a third-party call center for about three months, and went back and forth with reporting to the HHS Office for Civil Rights (OCR).
Ultimately, the practice implemented new policies and procedures, training, and upgrades such as more stringent password requirements.
The move to Intergy On Demand “was an obvious decision,” Ethan said, due to the security experts Greenway provided.
“A practice of our size and even bigger, can't afford to have experts of that caliber … working on our systems every day,” he said. “So it's been great.”
“Data security is becoming incredibly complex and expensive, and it's going to continue on that trajectory.”
Ethan Bing, Practice Administrator, Medical Colleagues of Texas
How to prevent security breaches in healthcare
Ethan suggests practices review their cyber security policies and get a third-party assessment of their systems.
How else can your practice prevent security breaches in healthcare? Here are some tips:
Use the HIPAA security risk assessment tool available here. It can help your practice comply with HIPAA’s administrative, physical, and technical safeguards.
Create a disaster plan to establish protocol in case your system goes down.
If you haven’t yet, consider moving your EHR to the cloud.
Healthcare providers comprised 70% of entities reporting data breaches.
The 2019 Breach Barometer
“Data security is becoming incredibly complex and expensive, and it's going to continue on that trajectory,” Ethan said.
Small and medium-sized practices often lack the capability to protect against the new cyber criminals and tactics. For many practices, it’s unrealistic to have an extensive IT staff, and cloud hosting makes sense because it offers data security, as well as incident detection and response, in a monitored environment. Read more about cloud hosting.
“Finding ways to outsource that security to the experts is key,” Ethan said.