Did you know that cyber-attacks can cost you upwards of $400 per patient? Cyber attackers are after personal data like:
- Credit card information
- Birth dates
- Social security numbers
- Banking information
- Phone numbers
- Maiden names
These are 4 ways to keep your physical therapy clinic safe from potential cyber security threats:
1) Educate to Avoid Phishing Scams
Have you heard of the scam where the CEO emails the staff to ask for e-gift cards? It’s a very common scam and one that people easily fall for. Educating your staff on what a phishing scam looks like and how to avoid it is crucial for preventing cyber attacks. Here are some things to look for in a phishing email:
- Misspelled words
- Misspelled company email address
- Suspicious-looking links
- Improper grammar
- Offers that are too good to be true
- Strange salutation
2) Cyber Liability Coverage
You have car insurance, business insurance, and health insurance, but do you have cyber liability insurance? Cyber liability coverage helps your practice in the event that you are successfully attacked, because even the best of the best are at risk of an attack. Here are the different types and what you need for coverage:
- Security and privacy liability: investigations from a regulator or getting sued by a patient
- Security breach response: coverage for crisis management and breach response
- Cyber extortion and ransomware: victim’s data (PHI) is held until a ransom is paid
What you need for coverage:
- Up to $1 million in coverage
- 24/7 access to DataSafe portal and customer service
- Free cyber risk report
- Online training for you and your employees
3) Set Up Policies for Digital Safety
Policies for digital safety are essential for avoiding potential attacks. These policies and procedures train your staff in the who, what, where, when, and why of digital information sharing. They should protect both staff and clinic while remaining HIPAA compliant. You can find examples of policies on the web, but here are some of our favorite examples:
- Do not share patient information with ANYONE outside of the HIPAA-compliant digital software your office uses
- Avoid platforms like Dropbox, Google Drive, etc., as these can be easily hacked
- Make passwords and security questions strong
- Always use a secure internet connection
- Ensure firewalls are always in place
4) Control Physical Access to Software and Technology
Tablets and laptops have made accessing and storing patient information a breeze, but they also increase the risk of patient data leaks. Controlling physical access to tablets and laptops helps you trace use if and when an attack occurs. Keeping physical tabs on technology by using a sign-in/sign-out method, locking devices away when not in use, and keeping the software updated will help protect you and the sensitive information stored on each device.