Diagnosis: improve cybersecurity in your small healthcare business

Imagine this: You’re a healthcare professional arriving bright and early at your place of business, ready to treat your first patient of the day. You go to access your patient’s online health data, but instead of seeing the patient’s digital file, you see a message saying that your business data has been encrypted and you must pay a substantial fee if you want access returned to you. In an instant, your business has been paralyzed, possibly ruined.

Sadly, this scenario or something similar to it has played out in the real world far too many times. In February 2020 alone, 1,531,855 healthcare records were breached. In fact, the Wall Street Journal reported that cyber attacks on healthcare providers had become so damaging that some providers were turning patients away. Still others actually had to completely close down their business because they couldn’t recover from the attacks. Of course, hackers and cyber attackers don’t care about the far-reaching consequences of their actions. They’re just looking for big payoffs and attractive targets. But what exactly makes healthcare SMBs so attractive to cyber criminals?

Why healthcare SMBs are attractive to cyber criminals

Small and medium-sized healthcare providers are attractive to cyber criminals for two fundamental reasons: their defenses tend to be weak and they are a treasure trove of valuable data. Hackers steal thousands of medical records from health organizations every year, many of which are sold on the darknet for thousands of dollars. Those records contain full names, addresses, financial information, personal history, social security numbers and other valuable information. Buyers on the darknet then use the information to create fake IDs, set up credit lines, take out loans, or simply to gain unauthorized access to bank accounts.

In addition, data is not just stolen. Sometimes it’s encrypted and held hostage. When this happens, the healthcare organization that has been victimized must either pay the criminals a ransom fee to get the decryption key that will return their access to their data, or run the risk of never seeing their data again. Ransomware can effectively hold an entire business hostage. For example, take the case of the small, physician-owned medical practice in Michigan that was a victim of a cyber attack in April 2019. When the practice declined to pay the ransom fee, the cyber attackers responded by destroying all of the organization’s patient records, appointment schedules, and financial information – everything was wiped clean. The Michigan health practice ended up closing up shop rather than face the daunting task of rebuilding its entire practice.

The diagnosis

Clearly, the consequences of a cyber attack can be devastating. Cyber attacks can ruin patient trust, cause financial havoc, cripple business operations, threaten medical care, and even cause businesses to close their doors permanently. The diagnosis? Unhealthy cybersecurity practices. The cure? Make your healthcare SMB cyber healthy. Cybersecurity is critical to both business and patient safety and a must for mitigating cyber risk.

Keeping your healthcare SMB cyber healthy

On the bright side, making your business cyber healthy and secure isn’t difficult or costly. Start by making sure that all your software and operating systems are always up to date with the latest security patches. These patches will protect your devices against the latest known exploits and vulnerabilities. Next, if you don’t have it already, get the best antivirus for small business 2020 and install it today. This is the most important measure to take to ensure that your business is protected from cyber attacks. And make sure it’s a comprehensive endpoint solution so that all of your devices are protected. Then, invest in security training for your employees. Employees are considered the single biggest cyber threat to any organization. They are responsible for most of the breaches caused by social attacks such as phishing or spear phishing attacks. And while some attacks are the result of intentional abuse, many are the result of simple employee mistakes that could have been avoided had the employee been properly trained in cybersecurity. Lastly, make sure your organization follows password best practices such as always using different passwords for different accounts, never sharing passwords, and creating passwords that are at least 10 characters long and include a combination of upper and lower case letters, numbers and special characters.

Prevention is the best cure

When it comes to the cyber health of your healthcare business, the diagnosis is in: prevention truly is the best cure. A smart frontline defense is vital to the cyber health of every organization. It comprises a powerful endpoint antivirus solution, cyber-aware employees, and a proactive cybersecurity plan that ensures that all software is up to date and that all proper security measures, such as best password practices, are implemented and followed.