• Industry News
  • Law & Malpractice
  • Coding & Documentation
  • Practice Management
  • Finance
  • Technology
  • Patient Engagement & Communications
  • Billing & Collections
  • Staffing & Salary

Malware and Antivirus Protection

Article

Insidious software and hidden viruses living in your computers could be threatening confidential records and practice productivity. Here’s how to protect yourself.


I once had the fortune of working in an academic medical environment affiliated with a very tech-savvy university, where most nonclinical computer system activities, including Web surfing and e-mail, were managed by the university. I found myself constantly grumbling under my breath when, during my Web surfing, I was confronted with the dreaded message, “This site is blocked by your system administrator,” and some other warning about how my computer would probably melt or turn into a black hole.

I’d often lament to my peers about the woes of such strict policies. That was, until I heard about my colleague’s experiences. His medical group, which was quite large, had considerably more lax Internet policies regarding Web surfing and e-mail attachments. After years of such an approach, their network was crippled by a relatively common virus, which had not even produced the faintest hiccup at my facility. Even the medical equipment with PCs attached had succumbed to the attack, as many of those devices were configured with unfettered-Web access.

In medical practices, particularly with regard to technology, daily operations tend to focus on support of the fundamentals. Activities like generating claims and getting electronic billing out the door often take precedence over the more mundane matters such as virus and malware blocking. Even worse, some of the best of us in IT can see issues like antivirus and malware blockers as problems for the rookie PC junkie on staff, not as something that needs to be part of high level IT strategy planning.

Beware of an attack

While the term “computer virus” has been on the scene for some time, the word “malware” is a bit newer to the vernacular of even the savviest PC user. While a computer virus may take many forms, malware is a more gray area. Malware is software that can originate from any number of places, much like a virus. Basically, it shouldn’t be on your PC. It can potentially damage your computer, steal confidential information, or be used to leverage your PC as a “zombie” to attack other computers - all without your knowledge.

To compound the issue, malware is often installed on a PC without the user even knowing it. The most horrifying part is that malware exists all over the Internet, and can come from Web sites, as hidden parts of e-mail attachments, or even in what might seem like dead or invalid Web links sent to you from what appears to be the e-mail address of a friend.

After my friend’s experience, I realized that the organization in which I had worked might have seemed a bit harsh in their policies, but the reality was that those very policies kept our systems shielded from this new flavor of security breach (caused by malware), as well as from more traditional virus attacks.

Protecting the practice

How should you protect yourself? It’s a combination of technical solutions and staff education. First and foremost, if you are serious about protecting your systems (and you should be), there can be no sacred cows. Everyone must accept that these policies are in place to protect one of your most valuable assets: your data. There can be no exceptions.

Next, it is important to establish and enforce a well-defined understanding that computer assets within your organization are for use in work activities only. While some amount of personal use of the Internet is going to happen, it needs to be clearly established that such personal use is the exception, not the routine.

In more technical matters, smaller practices may need to farm out this work to their chosen IT contractor, but the following are some fundamentals to help protect you from problems. It’s important to understand there is no single solution. Protection from threats is a multilayered approach, and often involves a number of different software applications, hardware applications, and user policies, all of which must be vigilantly maintained to deal with an ever adapting set of threats.

  • Choose and deploy one centrally managed antivirus software solution. Compare costs, and consider the cost to your business if you should experience data loss and system downtime from a virus outbreak.

  • Establish rules that no personal external devices may be connected to company computers or equipment. This includes USB storage devices, digital music players, PDAs, cell phones, and digital cameras. Allowing this type of activity is just asking for trouble. You might even consider disabling USB ports on your PCs.

  • Implement a spam filtering system as a complement to your existing e-mail system to help block harmful attachments and links from making it into your network. If you are a small shop and your e-mail is hosted by another company, contact them and discuss options for spam filtering. Educate your staff on the numerous paths by which viruses and malware can make it to your network. Ask your IT staff to show you some example scam e-mails, including e-mails that might look legitimate, but are instead methods for introducing malware and viruses to your network.

  • If possible, isolate your network into different subnets, sometimes known as VLANS. This puts devices such as PCs linked to medical equipment on an isolated network, and may help minimize the impact should something make its way into your network.

  • Implement centralized control systems to limit Web surfing. There are a number of good vendors in the marketplace selling low maintenance hardware solutions, which can be placed between your network and your Internet provider, that block known Internet sites containing malware, viruses, or any malicious or questionable content. While not fool-proof, this layer can substantially reduce your risk. Be careful of shared drives, which are common file storage areas, and the administrative rights provided to users on these drives. Drive sharing is handy and common in the office, but be certain these arrangements have correctly set permissions to prevent someone from having too much access.

  • Close ports in your firewall. Smaller offices often have a tendency to set up their Internet connections wide open, meaning many unnecessary ports, or doorways between your network and the Internet, are open.

Before you decide these moves will be too expensive for your practice, consider the overall costs. Can you say with 100 percent certainty your PC is free of malware?

There are upfront costs, as well as some ongoing maintenance costs (in both staff and software), but those are miniscule, especially when you consider the costs from the loss or corruption of data and interruption of system availability. Implementing a layered approach, with varying combinations of the above items which fit your budget and setup, will save you money (and headaches) in the long run.

Jonathan McCallister is a client-site IT manager for a major healthcare consulting firm, and he is currently assigned to a 140-physician practice. He has worked in healthcare IT management for more than eight years and in general IT management for more than a decade. He can be reached via physicianspractice@cmpmedica.com.

This article originally appeared in the March 2010 issue of Physicians Practice.

Related Videos
MGMA comments on automation of prior authorizations
Erin Jospe, MD gives expert advice
A group of experts discuss eLearning
Three experts discuss eating disorders
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Navaneeth Nair gives expert advice
Matt Michaela gives expert advice
Matthew Michela gives expert advice
Matthew Michela gives expert advice
Related Content
cybersecurity | © kras99 - stock.adobe.com

How to prepare for and minimize the impact of cyberattacks

April 18th 2024
Article

With such a broad range of potential security weaknesses, organizations must take a layered approach to IT security.

Digital Marketing for Independent Practices

Digital Marketing for Independent Practices

October 25th 2021
Podcast

Physicians Practice® spoke with Rachael Sauceman, the head of strategic initiatives for Full Media—a digital marketing agency based in Chattanooga, Tennessee—about how practices can best market their services in the digital realm.

paper stack | © Elnur - stock.adobe.com

Automation's role in easing the burden of prior authorizations

April 9th 2024
Article

It’s clear the state of PA must change. Artificial intelligence has a role in streamlining administrative tasks.

The Virtual Waiting Room

The Virtual Waiting Room

October 11th 2021
Podcast

Physicians Practice® spoke with Hari Prasad, CEO of Yosi Health, about how what practices need to know about setting up and making the most of their virtual waiting rooms.

AI talk robot | © Limitless Visions - stock.adobe.com

Improving physicians' people skills with AI

April 1st 2024
Article

AI can help physicians refine their people skills to improve care

phone call | © Pixel-Shot - stock.adobe.com

Alleviating call volume for physician practices

March 27th 2024
Article

The days of “bad ‘bots” are behind us so put smart virtual assistants to work in your practice to reduce call volume, deliver self-service options to patients and improve operational efficiency.

© 2024 MJH Life Sciences

All rights reserved.