5 Ways to Thwart a Cyberattack on Your EHR

May 17, 2016
Aine Cryts

From background checks on employees to investing in new software and hardware, your practice has to be prepared. Here are five ways to stop a cyber criminal from infiltrating your EHR.

Time and money matter when it comes to preventing a cyberattack. If you don’t allocate enough time or resources to apply software patches and updates to your EHR, your practice could be vulnerable, said Jim Kelton, managing principal at Costa Mesa, Calif.-based Altius Information Technologies.

One step to protecting your EHR is to know that every piece of software has a useful life, as with the Windows platform, said Kelton. When the EHR vendor updates its software, about every three years, it’s a good time to consider investing in new hardware.

Here are four more ways you can help prevent a cyberattack at your practice:

Do background checks on prospective employees and consultants. Most of the people who make their money from criminal activities are serial bad actors, said Lee Kim, director of privacy and security at the Health Information and Management Systems Society (HIMSS). What's more, many of them are never prosecuted. That’s why it’s so important to check out the backgrounds of potential consultants and employees.

“It can alleviate a lot of heartache, simply doing a background check,” she said. “It could be that someone was fired, but they were never criminally prosecuted,” added Kim.

Education about cybersecurity should be ongoing. Kelton recommends that practices do an annual training on security awareness, but they shouldn’t stop there. Security training should be ongoing, whether that’s at regular staff meetings, in emails to staff or on posters in the break room, he said.

Put technology safeguards in place to prevent cyberattacks. Kim recommends using a spam filter to block certain attachments that are known to contain malware, which is software that’s intended to damage or disable computers and computer systems.

Since a lot of cybercrime originates outside the U.S., your practice might also want to consider preventing anyone from outside the country from sending you email, she said.

Create an environment where staff feel safe reporting breaches. Breaches are often underreported, or the organization impacted by the breach takes a significant amount of time to report it. Kim said that’s largely because employees are worried about losing their jobs if they report a breach. That’s why she recommends that practices make sure employees know it’s safe to report breaches.