Cyberattacks remain serious threat to health providers

(HealthDay)—Cyberattacks remain a serious threat to small providers as well as big institutions, according to a report published in Medical Economics.

The authors note that cyberattacks are becoming more sophisticated, targeting medical devices that are networked with electronic health records (EHRs) and other health care applications, as well as smartphones. Small practices are also being targeted, with hackers assuming (often correctly) that their security is weaker.

According to the report, software should segregate levels of access to EHRs, allowing only authorized personnel to access health records, and monitoring and reporting who accesses records. Processes and technology should be boosted against evolving cyberthreats. Staff should change passwords regularly in order to prevent phishing attacks. Newer threats can be counteracted with additional technologies, including software that prevents USB drives from being used, mobile device management software that secures mobile devices, and secure platforms that allow for encrypted texting and data sharing. Cloud-based EHRs should be considered, as cloud providers have more resources to focus on security. Physicians should document their security measures to ensure they are being followed and to prove that they took adequate steps in the event of a breach.

"Documentation isn't just writing it down," Karen McMillen, CISSP, a security risk analyst with Asante, said in the article. "Some of this documentation happens automatically, such as [records] back-up that's documented electronically. That can demonstrate compliance."

Copyright © 2017 HealthDay. All rights reserved.