3 Strategies to mitigate your practice’s cyber risk

Cyber threats are growing more frequent and outpacing government countermeasures. Recent data from the US government paints an alarming picture: healthcare breaches spiked significantly in early 2022, showing nearly double growth compared to 2021 figures. Furthermore, in a recent report, the Health Sector Cybersecurity Coordination Center (HC3) warned that a new ransomware group, ‘Royal,’ poses a significant threat to the healthcare industry.

Small businesses like independent practices are more vulnerable to cyber threats because they have fewer resources to prevent and respond to breaches. Although threats continue to grow and seem complex, there are simple steps you can take today to protect your practice and your patient’s data.

1. Regularly update software

Updating your software regularly may be the best defense against digital threats. It is a simple task but is often avoided or delayed despite the known risks. Software companies regularly release new updates that address bugs, add new features, and, most importantly, provide security fixes for new vulnerabilities. As hackers become more sophisticated and find new ways to attack, software companies address these issues through updates.

As a best practice, select the option to automatically install updates overnight to ensure real-time protection while limiting disruptions to your practice operations.

2. Implement a password manager and multi-factor authentication

Forty-two percent of Americans use the same password on multiple sites and platforms. Replicating passwords increases the risk of credential stuffing, where hackers enter previously stolen login credentials to gain access to various accounts.

It is difficult to monitor human behavior and ensure every employee at your practice uses a unique password on each software program. However, implementing a password manager like One Password is the easiest solution. A password manager will generate and encrypt complex passwords with random and varying characters. In addition, it removes the barrier of remembering multiple passwords or storing them unsecured on your computer.

For added security, implement multi-factor authentication. With multi-factor authentication, users provide another verification level, such as a PIN, security question, or fingerprint scan.

3. Use a sub-address email for spam filtering

Among the most damaging cybercrimes are email compromises. Cybercriminals often send scam emails that look like they are coming from legitimate sources, enticing you to click on a link or take action by creating the impression of an emergency.

Sub-addressing, also known as ‘plus addressing,’ allows you to mask your email address behind an alternate address while still receiving messages in a single inbox. The benefits of using a sub-address are that it protects against phishing scams and allows you to filter out junk mail faster.

A ‘plus’ email address looks like email+extension@yourdomain.com. Typically, no setup is required, as it only requires sharing the sub-address email with new correspondents. Using this method, you can verify whether an email is from a legitimate patient, partner, vendor, or external account.

Your practice's financial data, protected health information, and personal medical records are valuable. Protecting these assets is critical. Stay ahead of cybercriminals by educating your employees on cybersecurity, implementing protective measures, and utilizing technology that can alert you if there are breaches.

As Chief Technology Officer at Tebra, a leading cloud-based healthcare technology platform, Kyle Ryan is responsible for all areas of technology with a focus on the vision and strategy for Tebra’s suite of products and services.