TMA has been alerted that a South Texas physician member is the victim of a cyber attack in which a thief hacked into the physician's computer and is demanding money in exchange for the key to access the encrypted information.
Unfortunately, this physician's experience isn't uncommon. Eighty-one percent of health care executives say their organizations have been compromised by at least one malware, botnet, or other cyber attack during the past two years, and only half feel they are adequately prepared to prevent attacks, according to the 2015 KPMG Health Care and Cyber Security Survey. More concerning, 16 percent of health care organizations say they cannot detect in real time if their systems are compromised.
"TMA would like to again warn our members of cyber hackers and the possibility of ransom requests for the return of your patients' billing information and medical records," said TMA President Tom Garcia, MD. "Please consider reviewing your liability coverage to include this risk, because it is a risk."
John Southrey, manager of Consulting Services at Texas Medical Liability Trust (TMLT), says the company is "committed to protecting physicians in all areas of practice, and cyber crime is a critical concern. To combat this rising threat, TMLT includes comprehensive cyber liability coverage in all of our policies. We also offer customized services to help large groups, small offices, or individual physicians arm themselves against online threats." Learn more about TMLT's cyber liability coverage.
If you are the victim of a cyber crime, report it to the FBI.
Physician practices aren't the only groups targeted by cyber criminals. ABC News reports the FBI is investigating a malware attack on Medstar Health Inc. Following the attack, the hospital chain had to use paper systems, and patients couldn’t book appointments. According to the report, the hospital doesn’t believe the thief stole or compromised any patient information.
Malware is the most frequently reported line of attack, according to 65 percent of KPMG survey respondents. Botnet attacks, in which computers are hijacked to issue spam or attack other systems, and "internal" attack vectors, such as employees compromising security, were cited by 26 percent of respondents in the KPMG survey.
Areas with the greatest vulnerabilities within an organization include external attackers (65 percent), sharing data with third parties (48 percent), employee breaches (35 percent), wireless computing (35 percent), and inadequate firewalls (27 percent).
TMA says physicians should protect themselves against ransomware and other malware by making sure their computer systems are backed up on a regular basis to an external drive or backup service. In addition, physicians should consider setting up their email accounts to deny emails sent with executable files (.exe file extensions), patch or update their software on a regular basis, and enable automatic updates whenever possible. Computer systems should have a reputable anti-malware software, as well as a software firewall implemented to help detect threats. Taking these precautions should allow you to avoid infection or quickly recover from a malware attack.
For more information, read "Cyber Crimes" in the July 2014 issue of Texas Medicine.
Action, April 1, 2016