Medical Spa Phishing?
Phishing attacks have become more sophisticated and healthcare providers (especially cosmetic clinics) look like a prime target.
A few weeks after WannaCry’s attack on the NHS in the UK, a new cybercriminal group “The Team” hacked a Lithuanian clinic comprising private photos of their patients. The group demanded a ransom of around €50 to €2000 (approx. US$57 to US$2295), which should be converted to bitcoin. Among the compromised photos are nude photos and national IDs.
What do the WannaCry and “The Team”s hacking entail for everyone else in the globe? In simple terms, better security and privacy. However, it’s not easy to double up on security. You may need to heighten security measures on your devices and may have to change up any protocol concerning saving patient photographs and details.
The table below shows examples of privacy regulation acts in several countries
Several security measures you can implement in your practice:
1. Set up a cloud
A cloud, in internet slang, is the collection of data stored in one place. Think of it as “My Documents”, but online. It allows one person to upload a data and be shared and accessed by another person who has permission to the cloud. It’s a nifty application and there are companies that offer a cloud service for free such as Google (Google Drive), Dropbox, and Microsoft (OneDrive) and they have serious, inbuilt security features.
Do take extra caution as well; just because they're secure, you probably won’t be hacked. Make sure your password is difficult to guess. Additionally, do not feel lenient with a cloud service, have a back-up storage like a hard drive as well. However, if there's data you don’t need anymore, delete it.
2. Switch to a Secure Sockets Layer (SSL)
Ah, more internet lingo. You could ask your hosting provider about this. An SSL helps encrypt all data from one device to a website. This would help protect the data any patient will enter on your Contact Us form or through email.
3. Keep your systems updatedd with security patches
One of the simplest things you could do inside the practice is update your telemedicine devices. Smartphones, tablets, software, any gadget you use in the practice should remain updated with the latest OS, bug fixes and patches.
4. Educate your staff about Phisihing (and Spear-phishing)
Your staff is probably already well informed about HIPAA or your country’s own Privacy Act, the dangers of having data online, Wi-Fi passwords and such (Er... make sure your Wi-Fi is password protected.), but most attacks are not on the big players, they're a simple email that is sent to a staff member with an attachment or link that contains malware that can give access to a system. Sophisticated attackers simply find out a few emails and sends an email that looks like it's authentic.
Unfortunately, many people will just click the link.
Example: You get an email that looks like it's from a patient complaining about a reaction with an image/link. Your front desk staff clicks on that link and malware infects your front-desk computer.
Not somethign you want.
Always make sure you follow your country’s privacy guidelines as you continue to add more technology or software in your practice. Ensure the safety of all your practice’s data and of your patient’s. Don’t wait for another attack to impose security measures in your practice.