Physicians’ efforts to protect patients’ private medical information could be in jeopardy as Texas medical practices — large and small — face an increasing cyber-attack threat that can leave health records vulnerable. The computer-hack threat, known as ransomware, is software designed to invade and block access to office computer systems that store patient information. To regain access, cyber thieves typically demand ransom payments in exchange for an encryption key to unlock the system. Reports of ransomware extortion have made national headlines and are now occurring in Texas at an increasing rate.
TMA is raising physicians’ awareness of the threat of ransomware and will help them manage their security and technology risks. The following resources have been compiled to help physicians better protect their practices from cyber security threats.
The Rise of Ransomware: Surge of Records-for-Ransom Attacks Makes Tightened Digital Security More Important Than Ever (Texas Medicine, August 2016)
Cyber Threat Invading Texas Puts Patient Records at Risk (TMA news release, Aug. 15, 2016)
Is a Ransomware Attack a HIPAA Breach? (TMA Practice E-Tips, July 29, 2016)
HIPAA Gap Analysis and TrainingA gap analysis and on-site training is conducted by a TMA consultant. We provide training for physicians and staff on HIPAA fundamentals and Texas medical privacy laws.
Ransomware and Cyber Security Threats: Protect Your Practice(On Demand Webinar)With the risk of data breaches come potential HIPAA violations, while ransomware can disable your practice by encrypting your patient data, making it inaccessible until you pay a ransom. You can take steps to protect your practice. This course will tell you how to mitigate the risk and respond appropriately if you experience a breach or ransomware demand.
HIPAA Compliance: Risk Assessments and Analysis (On Demand Webinar)Where do HIPAA-covered entities, such a physician practices and their business associates, most often make their biggest misstep? It’s in performing an inadequate risk analysis.
HIPAA Security: Compliance and Case Studies (Publication)If you store and transfer protected health information electronically, you need to have safeguards in place throughout your practice’s procedures, from thumb drives to firewalls, to prevent a leak.
What Every Physician Needs to Know: Cyber Security Best Practices - TMLT
Your Money or Your PHI: New Guidance on Ransomware To help health care entities better understand and respond to the threat of ransomware, the HHS Office for Civil Rights has released new HIPAA guidance.
Ransomware and HIPAA Fact Sheet – HHS Office for Civil Rights
Top 10 Tips for Cybersecurity in Health Care – Office of the National Coordinator (ONC)
Cybersecure: Your Medical Practice – Privacy & security training game by ONC
Cybersecure: Contingency Planning – Privacy & security training game by ONC
Security Risk Assessment (SRA) Tool HHS downloadable tool to help providers from small practices navigate the security risk analysis process.
Got Cyber Security questions? Call or email the Knowledge Center.
The Texas Medical Liability Trust (TMLT) includes comprehensive cyber liability coverage in all of its policies. TMLT also offers customized services to help large groups, small offices, and individual physicians arm themselves against online threats. Learn about TMLT Cyber Consulting Services.