June 27, 2024
 
Question:
Hi Jennifer,

Given the recent ransomware attack on Change Healthcare and the ongoing threats from groups like Qilin, should I reassess my cybersecurity measures in my healthcare practice? How do these events impact small practices like mine?

Thanks, 
Dr. H



Answer
Direct impact - to your reimbursement, supply chain, and patient data (on direct hit).  

Recent cyberattacks, such as the one on Change Healthcare, highlight the need for strong cybersecurity measures in healthcare practices of all sizes. These attacks can disrupt operations, cause financial strain, and lead to legal risks. Government bodies like HHS have stepped in to help mitigate these impacts, while major insurers are also adjusting their processes. Meanwhile, threats from groups like the Qilin ransomware group continue to target healthcare organizations, demanding large ransoms and affecting practices nationwide.

To protect your practice, the first maxim to accept is (limited exceptions may exist!) you are NOT an IT expert.   In fact, you are likely not qualified to even identify a proper IT expert.  Once we acknowledge these facts, we can get started on step 1 - identifying and hiring a qualified firm (preferred) or individual to implement IT protocols and controls, including, but not limited to, annual security risk assessments, regular data backups, malware protection, updated security software, access control, and incident response plan. Cybersecurity isn't just about prevention; it's about preparation.   It’s also about liability protection - Step 2 -  assess Cyber insurance asap to insure against most common cyber risks. 

Don't wait for a potential breach to take action. Stay protected, stay proactive!   Contact our office for assistance or recommendations at any time.