
    Cybersecurity Tips for Surgical Practices

    Danielle Max | December 28, 2020

    Surgical practices spend so much time worrying about running afoul of HIPAA legislation that it can be easy to overlook the importance of cybersecurity. However, it’s not something to be taken lightly. According to the Verizon Data Breach Investigations Report, medical data is the most commonly breached data. 


    We spoke to cybersecurity expert Jack Kustanowitz, founder and principal at MountainPass Technology, who specializes in health tech and security, to understand some of the most common threats and the tips for overcoming them.




    Here is a summary of the discussion and tips to ensure your surgical practice is cyber secure:


    Following HIPAA helps with cybersecurity

    It turns out that HIPAA legislation does more than cover patient privacy; it also helps with cybersecurity by ensuring that data and sensitive information are not exposed. For example:


    • Making sure staff don’t leave documents/records lying around the office, especially in public places.
    • Ensuring staff don’t keep passwords on Post-it notes next to their monitors. This is problematic from both a cybersecurity and a HIPAA perspective.
    • Checking that all terminals have antivirus software installed and that terminals auto-lock after a set period if no one is active on the machine.


    Antivirus is a must for every machine

    As mentioned above, make sure you have up-to-date antivirus installed on every machine in the practice – including laptops that are used for remote work. This protects employees against basic human error, such as clicking on a phishing link or unknowingly installing ransomware.


    The button many of us wish we had

    All on-site systems should have regular off-site backups. That means if there’s an attack, you have a safe point of reference to go back to. Used alongside antivirus software, you’re reducing the odds of an attack and reducing the impact of a possible attack if it does happen.

    Staff should also be trained on password security. The best practice these days is to store passwords in a password safe such as LastPass or 1Password. These password safes store an encrypted version of the passwords in a way that even the companies themselves can’t retrieve them.

    Ensure staff working remotely are secure

    With the increase in remote work, staff who need to access PHI should do so from a work laptop only. The work machine should have up-to-date antivirus software and connect only to a secure home Wi-Fi network. For general security, staff should make sure that every computer on their home network also has antivirus software installed and is protected in the same way as an office workstation.


    Mobile devices also need to be secure

    Both for personal protection and for PHI, make sure every mobile device is protected by a lock code, a fingerprint reader or face ID. That means that if someone gets hold of your phone somehow, they won’t be able to access any sensitive information it may contain.


    Do not send PHI over SMS/Text messages or personal email accounts

    Practices need to make it very clear that staff should not send text messages containing PHI to other staff – and this includes surgeons. Additionally, staff should not use personal email accounts to send PHI, as these may not be secure. Staff should only use their work email or HIPAA-compliant messaging apps to transfer PHI and communicate about patient data. This will guarantee end-to-end encryption and is the only secure way to communicate.


    Two-factor authentication is better than one

    For additional security, set up two-factor authentication for all accounts. This means that in addition to needing a password to log in, users get a notification – usually on their cell phone – to confirm that they are actually the person trying to log in.

    This way, if anyone else tries to access your work account, you can deny the authentication and they would not be able to get into your account – even with your password.

    Bottom line – cybersecurity adds a layer of hassle, but it’s a necessary hassle


    Just as security at airports is annoying, it’s something we’ve all come to live with. Being cognizant of cybersecurity and taking precautions in surgical practices is the same. Management at the practice should foster an environment that encourages staff to be aware of data security at all times. The policies mentioned above can make working life more challenging, but knowing your surgical practice has covered all the bases and has protected as much data as possible is very important, and will hopefully ensure your practice is protected from a data breach and that patient information won’t be compromised.


    To hear Jack Kustanowitz talk about cybersecurity with our very own Justin Rockman, watch our webcast.


    About the author: Danielle Max has a penchant for good organization and is on a constant mission to live a paper-free life. She loves to travel and dreams of finally visiting (the very organized) Japan one day.
    Published on December 28, 2020. All rights reserved by the author.
