Telehealth physicians: are you cyber secure?

“Oops! I just donated $100 to a Nigerian prince and now my patients’ medical records are on the Dark Web.”

No one in your practice will ever say that (hopefully), but some very smart people are falling for less-obvious schemes.

These times have been especially challenging for medical professionals. You’ve quickly had to adjust to seeing patients via virtual offices and telehealth solutions.

By reducing your physical exposure to other people to limit the spread of COVID-19, you’re increasing your virtual exposure to cyber breaches, so it’s important to keep your business and your patients protected.

First, some good news – the government has temporarily reduced enforcement of the HIPAA privacy and security regulations by waiving penalties for violations as long as medical professionals are acting in good faith. These changes allow:

  • Communication with patients’ family members without the patient’s consent
  • Free disclosure of private health information to the CDC or state/local health departments
  • The use of telehealth services through any non-public communication technologies (including FaceTime, Facebook, Skype, etc.)

Although this cuts down on the likelihood of regulatory fines, there are other risks to watch out for.

What are my risks?
  • Security and privacy of your patients’ data. Any time you collect, transmit or store private data, you run the risk of having it accessed by an unauthorized user. The risk is higher if you don’t have adequate security precautions in place or clear policies for your employees to follow.

  • Becoming a bigger target. Giving more employees and patients access to your private network opens the door for more security risks and increases the chances of being sued or penalized.

  • Phishing and ransomware. Hackers may use phishing emails or malware to expose your company’s data with just one click. Ransomware is also used to lock up your systems and data until you pay the hacker to regain access. Look out for unsolicited or suspicious emails that appear to come from healthcare organizations you would typically trust; they can download malware onto your device.

  • For example, some hackers are posing as the Centers for Disease Control and Prevention or the World Health Organization and sending out fake links to “new COVID-19 regulations.” Not all phishing emails are obvious!

  • Liability and licensing. Your business is financially responsible for your patients’ losses if private information is compromised. Additionally, to avoid legal liability, make sure you stay on top of the ever-changing rules and guidelines being implemented – including having proper licensing in all states your virtual patients may be calling from, not just the one in which you work.

  • Losing trust from patients. Perhaps the scariest threat of a cybersecurity breach is losing the patient trust you’ve worked so hard to gain. Breaches can damage your reputation and scare away potential new patients.

How can I protect myself?
  • Use multi-factor authentication, which combines factors such as passwords, biometric scans, and smart cards, to verify users. You can track devices and even use identity-verification questions if something doesn’t seem quite right. This can help protect you from HIPAA violations by ensuring you’re giving access to the right patient.

  • Keep anti-virus software and malware scanner software up to date. These kinds of software help detect and warn you of malicious programs and activity. Outdated anti-virus software is vulnerable to new versions of malware that can attack your network.

  • Develop strong security training programs for employees. Oftentimes employees can be tricked into accidentally enabling a cybersecurity attack. Keep employees informed of the risks, and train them on how to spot issues before it’s too late.

  • Use a VPN and encryption technology. A VPN (virtual private network) gives you online privacy and anonymity by establishing a secure, encrypted connection. This keeps your private data out of the hands of anyone without access to your specific network.

While these are all good measures for preventing cyber breaches, accidents happen. When they do, you will want to be covered appropriately.

What can cyber insurance do for me?

Cyber insurance can help you hold onto your financial assets and repair your company’s reputation. Depending on your coverage, you can cover the costs of:

  • Rebuilding your network and replacing lost income
  • Sending notifications to customers, compensating their losses and monitoring their credit reports (required in some states)
  • Handling crisis management and public relations
  • Paying regulatory fines and legal costs

Some insurance companies offer small businesses risk management services that provide free or discounted risk assessments, employee training and protective hardware or software.

Want to check out your options for top-rated cyber insurance... which may include adding it to a money-saving business owner’s policy (BOP)? Call our friendly, licensed Mylo advisors for a custom consultation on the right coverage for you.
