Identity theft, phishing scams, healthcare data breaches — the list of cybersecurity threats today seems endless. Recently, many ophthalmologists were affected by the cybersecurity breach at Change Healthcare, a clearinghouse for insurance claims and lab tests. This resulted in non-payment and delays in payments to physicians, disrupting many practices’ financial health. Another ransomware attack hit EyeCare Leaders’ (now Sightview Software’s) products mycare Integrity and iMedicware, electronic health record (EHR) and ambulatory surgery center (ASC) software products, resulting in a significant breach of patient data and limited physician access to the EHR.
Phishing emails continue to evolve, and gift card scams are an increasingly popular way for scammers to steal money. In these ploys, scammers send an email, often to a lower-level employee, impersonating a coworker or supervisor, asking the employee to purchase gift cards for a special event or even a surprise for the office. The victim is then asked to provide the gift card number and PIN, thereby giving monetary access to the scammer.
The use of AI has also produced new threats whereby scammers can impersonate a person’s family members and/or friends to request money or personal information. This is done with AI technology that manipulates videos and/or recordings found on social media to produce realistic-sounding voice recordings and/or videos. Examples of this new type of threat involve receiving a call from an AI-generated voice that requests a money transfer or a credit card number for a friend or colleague who is “stranded” in another city due to a travel delay or as the result of a robbery.
Below are some tips on ways to avoid these types of cyberthreats.
The main ways to combat and protect against personal and professional cybersecurity scams are building awareness, education, and prevention. Educating your personal family and your work family about the existence of phishing scams, and about not providing personal information to unknown callers or in response to email requests, is an important step. When receiving an email that appears suspicious, be sure to click on the email address of the sender. Often, this email address will be completely unrelated to the “company” sending the email. This is one simple way to detect an email scam.
Informing your family and employees that you would never ask them to purchase gift cards, especially in large quantities or for large sums of money, is another way to avoid this type of phishing scam. Avoid clicking on links to “invoices” or other “payment” links from unknown or suspicious senders. Have a “safe” word or phrase for your family and colleagues to use in case you are the unfortunate recipient of a fraudulent “emergency” call.
For your practice, ask about cybersecurity when choosing and implementing a new EHR system. Cloud-based systems with duplicate/backup “pods” for information storage and those using AWS (Amazon Web Services), which provides security for NASA and Fortune 500 companies, are considered safer. Ask which best practices your system utilizes for prevention of cyberattacks. Many companies, including ModMed, employ hackers to constantly identify areas of possible data breaches, so that they can be fixed and resolved before a breach occurs.
An additional consideration is purchasing cybersecurity insurance. There are several companies offering their products to medical practices. Check with your insurance carriers about the product offerings as well as the limits of liability. These may differ by state.
The results of cybersecurity breaches can be devastating both personally and financially. In this issue, you will find an excellent article highlighting some recent data breaches and the effects on ASCs and the physicians in those practices, as well as some preventative measures you could implement. Be informed, be aware, and remember, as I tell my kids, it is easier to stay out of trouble than to get out of trouble. OASC