Powered by MOMENTUM MEDIA

8 essential tips to keep healthcare organisations cyber secure

As attacks against Australian healthcare organisations of all sizes grow, some simple steps could make all the difference for smaller practitioners.


In recent months, thousands of Australians have seen some of the most personal information imaginable leaked to the dark web – patient records.

Everything from cancer diagnoses to fertility reports, along with records from GPs and medical imaging specialists, has been compromised by hackers and ransomware operators. Procedures have been delayed, lives impacted, and, sadly, it’s likely going to happen again, sooner rather than later.

Opportunistic cyber criminals are not shy about targeting healthcare data, and it’s often smaller medical centres and practices that bear the brunt of malicious activity.

 
 

“Hospitals may have stronger defences, but attackers know the weak link often lies in the smaller, less protected third-party medical providers,” Louise Hanna, general manager of Excite Cyber, told Cyber Daily.

“Medical professionals running small or private clinics should urgently review their cyber security protections and enhance them.”

For any smaller practitioner looking to boost their cyber resilience, it may seem like it’s quite the mountain to climb, but according to Hanna, some of the most effective measures are also some of the simplest to implement.

Here are eight key steps to protecting patient data and keeping your medical practice secure.

1. Audit personally identifiable information
You can’t protect what you don’t know you have, and this is doubly true of patient data. Perform an audit on every piece of data you hold and where it’s held. Understand how well protected it is – or not – and take any necessary steps to keep it safe. Hiring a penetration tester may seem excessive, but it is eminently worthwhile.

2. Use strong, unique passphrases
Don’t reuse passwords, and insist on complex passphrases that utilise a wide array of characters.

3. Enable multifactor authentication (MFA)
Email and patient management systems, in particular, are worth protecting with an added layer of security. Using an MFA app or SMS code to access sensitive information may add a little bit of user friction, but the added security is worth it.

4. Back up critical data regularly
Backups should be regular, stored offsite, and regularly tested to ensure fast recovery in case of ransomware attack or similar disruption.

5. Train all staff in cyber security awareness
Educate staff to be aware of phishing attempts and social engineering attacks and to be wary of suspicious links.

6. Update software and systems
Keep everything from operating systems to software patched, with a special focus on antivirus software. Staying abreast of the latest security updates and patches can lock out cyber criminals at the very first step.

7. Limit access to sensitive data
Use role-based permissions to ensure that only staff who need access to information, such as patient files, can access that data.

8. Undertake regular security reviews
Review all of the above regularly to ensure that all systems – digital, backups, and staff – are up to date. Security is a constant, not a one-off affair, but by performing regular reviews, you can be on top of the changing security needs of your practice.

Third-party security specialists can be useful for large and small healthcare organisations, but at the end of the day, the responsibility for protecting patient data rests with the practice and its owners.

“It’s also important to remember that while you can outsource the storage and operations of the IT systems used to support your practice, you can’t outsource responsibility for protecting the data,” Hanna said.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
