Health Care Industry Targeted in Cyberattacks
Hackers are taking advantage of the COVID-19 pandemic’s increased burden on the healthcare system and the increased focus on providing telehealth services; your ophthalmic practice’s IT system may be vulnerable.
Health care organizations, including hospital systems, were targeted with cyberattacks as the Trump administration released the COVID-19 emergency declaration:
- Health and Human Services Secretary Alex Azar reported that hackers attempted to access the federal agency’s network on March 15, even as workers struggled to respond to the coronavirus pandemic. The attack overloaded the agency’s servers with millions of hits over several hours but did not succeed in breaching the system, according to agency officials.
- Health and Human Services also issued a warning (PDF) last week to avoid a malicious website about a fake live map for COVID-19. When users visited the website, it infected their computers and systems with a program that can steal sensitive data. Here is the link to the real John's Hopkins University coronavirus (COVID-19) outbreak map.
- There are also phishing scams claiming to be COVID-19 updates from prominent medical institutions and employers. They fool users into clicking on a link, which then steals your data from fake login screens that capture user credentials.
- Hackers also succeeded in infecting the Illinois-based Champaign-Urbana Public Health District’s website with ransomware.
With the increased focus on providing telehealth services, your ophthalmic practice’s IT system may also be vulnerable. Practices need to monitor who has access to sensitive data on their internal and external electronic health record systems.
Exercise caution when opening emails from outside organizations even if they may seem reputable. Information on how to identify e-mail phishing and ransomware attacks can be found in the Health Industry Cybersecurity Practices (PDF) guidelines provided by the Department of Health and Human Services.
The Academy advises training your staff on how to spot suspicious electronic communications and doing an annual security risk analysis of electronic health records and other secure systems.
Remember, do not install multiple anti-virus applications because it can slow down the system and reduce the effectiveness of the software.
Viruses, malware and hackers pose a threat to patients and physician practices. The Academy has curated resources and has tips for physicians and health care staff to protect patient health records and other data from cyberattacks. The HIPAA Security Rule requires practices to conduct a security risk analysis and mediate any identified risks.
Prepare for Cyberthreats
Respond to Cyberattacks
Anti-virus protection is important to protecting your practice’s data. The Academy has curated a list of trusted products below.
Important: Do NOT install multiple anti-viruses. Most products (like Windows Defender) will stop running when another product is installed. Others may still run but will slow down the system and reduce the effectiveness of each anti-virus product.
Train Yourself and Your Staff
The Academy has identified a few free cybersecurity training options below.
Videos From the Academy
Ophthalmology Mutual Insurance Co.
Info From the AMA - Physician Cybersecurity Resources
The AMA has also developed tips and advice on protecting your computers and network to keep your patient health records and other data safe from cyberattacks.
Download and share with your staff and IT: