• Politics
  • Diversity, equity and inclusion
  • Financial Decision Making
  • Telehealth
  • Patient Experience
  • Leadership
  • Point of Care Tools
  • Product Solutions
  • Management
  • Technology
  • Healthcare Transformation
  • Data + Technology
  • Safer Hospitals
  • Business
  • Providers in Practice
  • Mergers and Acquisitions
  • AI & Data Analytics
  • Cybersecurity
  • Interoperability & EHRs
  • Medical Devices
  • Pop Health Tech
  • Precision Medicine
  • Virtual Care
  • Health equity

These 3 cybersecurity strategies can help protect medical practices | Kyle Ryan


Independent practices are particularly vulnerable to breaches. But practice owners can take simple steps today to protect patient data.

As the cybersecurity landscape rapidly changes, independent practices have become a prime target for malicious activities.

Recent data from the U.S. government paints an alarming picture: healthcare breaches spiked significantly in early 2022, nearly doubling compared to 2021 figures.

Independent practices are particularly vulnerable due to fewer resources and are often less equipped to handle breaches. Cybersecurity requires a holistic approach on both an individual and organizational level. As healthcare security breaches continue to rise, cybersecurity doesn’t have to be complex: medical practice owners can take simple steps today to protect patient data.

1. Keep your software updated

Keeping your software up to date is critical and one of the most important steps to implement.

The good news is it is simple. Healthcare IT companies regularly release updates to fix identified vulnerabilities in their products. These enhancements indicate your software has a secure development lifecycle and is built to look for known weaknesses and development vulnerabilities before they become problems.

Regularly updating your applications helps ensure you don't miss out on these essential fixes. When these updates are available, you will be notified by your software provider, and either prompted to download the update, or it will do so automatically.

As a best practice, I would advise you to set updates to install automatically so that you always use the most secure version of your product.

2. Use a password manager and enable multi-factor authentication

Humans are often the weakest link when it comes to data security, using the same password across multiple accounts and platforms.

Although it may simplify having to remember passwords for each account, it increases the risk of credential stuffing, a term for hackers using previously stolen login credentials from one website and entering them into various sites until they find a match.

Every account should have its own long, unique, and random password. The simplest approach is to use an encrypted password manager like LastPass, to generate complex passwords for each account and store the information for you. Password managers are protected by a master password, ensuring your information is protected no matter who accesses your device.

Multi-factor authentication takes security one step further. By requiring users to provide another piece of proof before they can access data or a system, you add a layer of protection. This proof can include something you know (e.g., a security question, PIN, or knowledge-based authentication), something you have (e.g., a key fob or mobile device), or something unique to you (like a fingerprint, face scan, or retinal scan).

3. Use plus addressing for email

With email being the predominant communication channel within a business, email compromise is one of the most financially damaging online crimes.

In addition, scam emails often look and feel like they come from legitimate sources, making them a challenge to detect, especially when you have multiple team members with varying technical abilities.

Common hacker tricks include sending you a link to click on or requiring you to act by projecting a sense of urgency. Although you can take steps like contacting the sender or hovering over a link to preview its contents, “plus addressing” is more secure and reliable.

Plus addressing is an email practice where you can create receive-only email address extensions that look like [email protected]. The purpose of this is to verify the legitimacy of an email from a patient, partner, vendor, or external account. Plus addressing provides two benefits: it protects you against phishing scams and helps you filter out junk mail faster by creating multiple inboxes within one account.

As medical technology advances and the internet of things becomes a more significant part of our lives, medical practice owners must adapt their security efforts to contend with increasing cyber threats.

Cybersecurity requires constant vigilance and a proactive approach from everyone within your practice. It is important that everyone in your organization stays alert and actively safeguards data from potential malicious activity.

Kyle Ryan is the chief technology officer at Tebra, a cloud-based healthcare technology platform.

Related Videos
Related Content
© 2024 MJH Life Sciences

All rights reserved.