There are reports from around the country of dentists being hacked. One dentist reported that her patients received “aggressive” emails telling them they owed money for services they never received. Those patients were told to send money immediately. The practice had been hacked.
Hackers know they can go after Gmail, Outlook, Yahoo!, etc. because those communications exist on a public domain. That makes the message and any Protected Health Information (PHI) in it accessible to hackers.
So what do you do, knowing just how quickly “business as usual” can become detrimental to you, your patients and your practice? How do you protect yourself?
Take appropriate technical compliance steps:
- Store your data in secure, private data centers, rather than on your practice computer
- Comply with federal law, including the federal government’s five HIPAA Technical Safeguards:
  - Transmission Security: PHI is encrypted at the highest levels when shared
  - Authentication: Senders and recipients are always verified
  - Access Control: Only authorized persons can view secure data
  - Integrity: PHI is unaltered and protected
  - Audit Control: All user access and activity is tracked in detail
Prevent human error:
- Educate your staff to immediately stop and assess the situation anytime a suspicious link or information request comes through email
- If possible, contact email senders outside the email thread to ask about links or attachments that appear unusual in any way (strange subject lines, unusual wording or topics, etc.)
- Even if the email looks legit, make sure your team raises the question prior to sharing any confidential information, like account details
It’s not just you and your computer affected by hackers. The moment you click on a malware link, you hand a hacker a key to access and take down your entire practice. You may even reveal pathways for them to victimize your colleagues and other contacts. But don’t panic: with the right knowledge and applications, you can keep your practice and your patients’ information safe.
iCoreConnect’s fully HIPAA-compliant email, iCoreExchange, is vetted and endorsed by FDA Crown Savings. iCoreExchange not only meets but exceeds all five technical safeguards, and all data is protected on its own private domain and server.