As regular readers know, I'm pretty passionate about data security. I try to use 'best practices' in all of my digital endeavours, but especially so with things dealing with the office. Our profession has seen a huge impact due to data breaches in the last 2-3 years and unfortunately it isn't going to go away. Since the Covid shutdown in 2020, healthcare has been either #1 or for sure in the top 5 of data breach targets.
Many doctors just don't comprehend the costs that come from suffering a breach. In addition to all of the fuzzy costs of office downtime, network rebuilds, loss of reputation, there are huge fines that can be issued by the federal government.
Recently a dental office in Indiana had to pay a fine of $350,000 due to suffering a breach. This, of course, was in addition to all of the other costs that come with this nightmare.
So please take this seriously. This is an issue that requires professional help and the help needs to be a company that deals with data security as their main focus. Your local IT person who keeps your office network humming along is probably not skilled enough in this area. Many doctors who suffer a breach can't understand what happened as they asked their IT professional if they were protected and were told they were.
This isn't a slam on those folks. Just like we, as doctors, refer cases that are outside our level of expertise, an office needs someone who deals with security for a living. The criminals who perform these intrusions are professionals. Many are computer scientists with graduate degrees. They make their living by using their knowledge to exploit little known weaknesses in an office's security profile. My point is that the people who are doing this are incredibly smart and are experts at what they are doing. You need that same level of expertise to protect you.
I have NO financial interest in this, but I've been very impressed with Black Talon Security and I feel they do a great job. If you want to be as protected as possible, reach out to them.
> Your local IT person who keeps your office network humming along is probably not skilled enough in this area.
Yes. Your local IT person typically isn't competent enough to run your network let alone keep it secured properly.
I'm still dealing with 5 offices that were sold off in June of 2024. Thanks to the incompetence of the new owners who all say their IT guy "is really smart", we still have full access to their entire network.
If we were less than honest, it would be trivial to grab the patient data and sell it to the highest bidder. Repeated calls to the doctors telling them of the security issues--like antivirus being unlicensed and no other AV products being installed--result in repeated assurances that their IT guy is "really smart".
I don't see a way to fix these problems in healthcare. Even the massive government fines typically get handled by "cyber insurance".