Recently a Roanoke, Virginia dentist told a local news station that her patients received “aggressive” emails telling them they owed money for services they never received. Those patients were told to send money immediately. The practice had been hacked.
Hackers know they can go after communications sent through email service providers like Gmail, Outlook, Yahoo! and so on, because those messages travel over the public internet. That makes the message, and any Protected Health Information (PHI) it contains, accessible to hackers.
How do you protect your patients and practice?
Take appropriate technical compliance steps.
- Store your data in secure and private data centers, rather than on your practice computer.
- Comply with the federal government’s five HIPAA Technical Safeguards, which are required by law:
  - Transmission Security: PHI is strongly encrypted whenever it is transmitted.
  - Authentication: Senders and recipients are always verified.
  - Access Control: Only authorized persons can view secure data.
  - Integrity: PHI is unaltered and protected.
  - Audit Control: All user access and activity is tracked in detail.
Exercise caution with emails.
- Educate your staff to stop immediately and assess the situation any time a suspicious link or information request arrives by email.
- If possible, contact the sender through a separate channel (a known phone number, not a reply to the email) to ask about links or attachments that appear unusual (strange subject lines, unusual wording or topics, etc.).
- Even if the email looks legitimate, make sure your team asks questions before sharing confidential information, such as account details.
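The checks above can be partly automated at the mail gateway or in a help-desk triage script. The following Python example is added here and is not part of the original article or any product it describes; it parses a constructed sample message (a billing-style email of the kind described at the top of the page) and flags three warning signs a practitioner would want to see: a failed SPF/DKIM result in the `Authentication-Results` header, link text that shows one website while the link actually points to another, and urgent payment wording. The sample addresses, hostnames and the phrase list are all made up for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not a real email): visible link text shows the
# practice's portal, but the real link target is a different domain, and the
# receiving server recorded an SPF failure.
SAMPLE_EML = """From: Billing <billing@example-dental.test>
To: patient@example.test
Subject: Immediate payment required
Authentication-Results: mx.example.test; spf=fail smtp.mailfrom=example-dental.test; dkim=none
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your account is past due. Pay now to avoid collections.</p>
<p><a href="http://pay.not-your-dentist.test/invoice">https://portal.example-dental.test/pay</a></p>
</body></html>
"""

# Illustrative urgency phrases (assumption, not an authoritative list).
URGENCY_PHRASES = ("immediate", "pay now", "past due")


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def hostname_of(text):
    """Return the lowercased hostname of a URL-like string, or None."""
    if "://" not in text:
        text = "http://" + text
    host = urlparse(text).hostname
    return host.lower() if host else None


def analyze_message(raw):
    """Return a list of human-readable warning strings for one raw email."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    # 1. Sender authentication: trust the receiving server's verdict.
    auth = str(msg.get("Authentication-Results", ""))
    if "spf=fail" in auth or "dkim=fail" in auth:
        findings.append("sender authentication failed (SPF/DKIM)")

    # 2. Link text versus real link target.
    body_text = ""
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        body_text = html_part.get_content()
        parser = LinkCollector()
        parser.feed(body_text)
        for href, text in parser.links:
            shown = hostname_of(text) if "." in text else None
            actual = hostname_of(href)
            if shown and actual and shown != actual:
                findings.append(f"link text shows {shown} but points to {actual}")

    # 3. Pressure to act immediately, the hallmark of the scam in the article.
    haystack = (str(msg.get("Subject", "")) + " " + body_text).lower()
    hits = [p for p in URGENCY_PHRASES if p in haystack]
    if hits:
        findings.append("urgent payment language: " + ", ".join(hits))

    return findings


if __name__ == "__main__":
    for warning in analyze_message(SAMPLE_EML):
        print("WARNING:", warning)
```

None of these checks proves an email is malicious on its own; they are triage signals that tell staff which messages deserve the out-of-band phone call recommended above.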
It’s not just you and your computer that can be affected by hackers. The moment you click on a malware link, you hand a hacker a key to access and take down your practice. You may even reveal pathways for them to victimize your colleagues and other contacts. But by following the tips above, you can keep your practice and your patients’ information safe.