The top three cybersecurity threats. As outlined in the health industry, meaning you, your acupuncture practice and cybersecurity.
Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. Due to the unique language of acupuncture, there will be errors, so we suggest you watch the video while reading the transcript.
Hi, everybody. Good morning, good afternoon, whatever it may be for you. This is Perry Barnhill with the Fearless Acupuncturist, and in the background, who you don’t see, is Dr. Julie McLaughlin. We want to give a big thanks to the American Acupuncture Council for bringing you this presentation on the top three cybersecurity threats that you need to be aware of in the context of your practice and HIPAA.
Start slideshow please. I am gonna give big thanks to the AAC for bringing this to you. All right, here we go. Let’s talk about the top three. There’s many tops, but we’re gonna start with the top three. Okay. The top three cybersecurity threats, as outlined in the health industry, meaning you, your acupuncture practice and AC cybersecurity.
Oh, so why do we teach HIPAA? We understand what it’s like to have a practice. We understand what it’s like to take care of patients, and we also understand what it’s like to not really know for sure what it is we should know in regards to compliance and in regards to HIPAA. So we’re here to teach you this and we’re gonna start going through some of these top three cybersecurity threats.
Again, myself and Julie, we’re both healthcare practitioners, as you can see, and we also both have certifications in compliance. Alrighty. So let’s talk about some things, buzzwords, as I would say, that you hear probably quite frequently but don’t really think about in the context of your practice and in HIPAA: social engineering.
So what does social engineering mean? Let’s go through this. Social engineering is a form of psychological manipulation that tricks users into making security mistakes and giving away sensitive information. It relies on human error. So it relies on things like our staff that may make a mistake and click the wrong link.
That’s what we’ll talk about, and also mistakes that we as the providers may make as well. So it uses humans making mistakes, and instead of specifically using the software or your actual system to make a mistake, it tricks us by exploiting our human emotions. So let’s get into some of those things.
One, this is something that you really need to sit down, talk about, and train with your staff, such that they don’t get themselves in trouble by clicking on the wrong link. Now, what are some things you need to pay attention to? This is what they call phishing. If you’ve ever heard the word phishing, it’s not like catching a fish in the water, but these crooks are out there phishing for us to make mistakes and trick our brains into clicking something we shouldn’t click.
So, for example, number one here: if you don’t recognize the sender in an email, do not click it. Okay? If you’re not expecting an attachment or an email, you may not wanna be clicking it, ’cause if you click it, you might get yourselves in a whole lot of hot water. What about this one?
Does the from address match the message? When you get an email, look at these things closely. You’d be surprised, but the little things here, these little tips, could prevent you from having a compromise of protected health information, which in turn could potentially get you some fines and penalties with HIPAA if you’re not doing the things you’re supposed to be doing.
All right, and number four. What about this one? You get emails that sort of create or invoke a sense of urgency. Double check it. Maybe it’s not a legitimate email. What about not recognizing the destination URL or the website? Is it a secure website? These are things where IT professionals help out a ton, but simple little tips like this, training our staff and us being aware of them, can help prevent massive compromises and breaches of PHI.
Number eight is an email asking for your login credentials. Seriously, be very cautious. Certainly if you’re not aware that something’s coming across, if anybody asks for your login information, it’s probably a better idea just not to do it unless you’re a hundred percent for sure. Number nine, bad grammar or bad spelling.
I know you’ve seen this. Have you seen emails come across where the spelling looks a little weird, a little funky? It’s not correct. The grammar doesn’t sound particularly correct as well. Don’t click on it. Just don’t click on it. What about this one? Number 10: is the greeting or signature generic, or does it lack contact info?
Anything that looks funny with emails that are coming across, just don’t click on ’em, ’cause if you do and they’re contaminated and they’re corrupted, it’s a lot of energy and it takes a lot of time to make sure that compromises of PHI didn’t happen and you didn’t get hacked. Which kind of brings me to the next one here.
Ransomware. We’ve heard of ransomware. What is ransomware? Ransomware is a threat to us and to our devices. And what makes this form of malware so unique is the word ransom. Basically, ransom extorts us; these hackers, they’ll steal our information, our protected health information, like our patients’ information, the patients’ files, and they’ll tell us, Hey,
we have this, we’re gonna keep it. You can’t even access it until you pay us X amount of money, and it sometimes is thousands and thousands of dollars. Now I wanna say this: don’t ever pay them until you speak with an IT professional or you speak with someone who you’re very confident is very aware of all of this ransom, this malware. Don’t do anything until you contact someone, a professional, regarding these things.
Okay? So here’s some quick threat tips to be aware of, kinda like we talked about on the phishing side of things. Most ransomware, they’re sent in phishing emails. So you get these funny looking emails, you click on ’em, and guess what? Now they got your information or your patients’ information, and they can hold it ransom.
So don’t click on those things. Stay alert when any email prompts you to enter your credentials. If you notice, a lot of these tips are very similar to the phishing tips. First they gotta get you, and then when they get you, they can hold you for ransom or hold that information for ransom.
So be cautious before you click any links in any emails that you have. Make sure those senders are legitimate, and as a proactive measure, check to see whether the computer and network to which you’re connected have proper intrusion protection systems and software in place. I can’t overemphasize this: you really need to make sure your computers are secure.
Now that we’ve talked about ransomware, kinda like we talked about phishing and gave you some tips, let’s talk about some tips regarding ransomware and how you can prevent yourselves from getting hacked and having to pay some of these ransom demands. Okay, most ransomware, guess what?
They’re sent in phishing and email campaigns. So be careful if you open up any attachment that may look weird. Funny spelling, grammar, just like we talked about earlier, ’cause once they get that, they can hold your protected health information for ransom. Number two, stay alert when any email prompts you to enter your credentials.
I know we said this earlier, but it’s really important, because these phishers, these scammers, they will check on these things. They will ask for these things, and once they have them, they’re into your system and they have your passwords. Be cautious before clicking any links, looking at the senders and checking the URLs.
Very important: share all of this information with your staff, ’cause your staff, you may think that, okay, this ain’t gonna happen, but it might if you don’t train your staff on the things they shouldn’t be clicking on and what they need to be aware of. As a proactive measure, check your computer and make sure the network to which you’re connected has proper intrusion systems and software in place.
It’s so important that you have IT professionals help and protect your computer systems. And due to the severity and time sensitivity of ransomware attacks, if you think this is happening, or if you think it happened, or if it’s in the process of happening, or something weird is going on with your computer,
make sure you seek out your IT professionals, because if they get it, it’s a big process of trying to get it back. And then guess what? Now we gotta deal with HIPAA. Now we have to deal with the OCR and a potential report. And then guess what? We might even have to send notifications to patients. Something we just don’t wanna have to do if it’s not necessary.
So here’s some other things. Preventing loss or theft of equipment or data. Things like taking your laptops or your data in your car. So physical loss of equipment, these things can happen. Or even the data that you access and work with daily has to be carefully protected. Alright, so let’s talk about some tips here.
Never leave your laptop or your iPad unattended at work or in transit. Yeah, in transit. What do I mean by that? Like I said, in your vehicles. There are providers that have left their laptops wide open, sitting on the front seat, even sitting on the dash, and they get stolen. It’s not something we want to happen.
Password policies and updating the passwords. These are all things that need to be in your manual. They’re all things that we have to do. They have to be part of your procedures and your policies. If you don’t have these things in play, guess what? You’re not HIPAA compliant and may be subject to some fines or some penalties.
We don’t want that. It’s not necessary. Don’t share your password with anyone. I know a lot of us, we don’t do these things, but sometimes we do. Staff shouldn’t be sharing their password with the staff person next to ’em. They need to have unique passwords, again, if this is part of your policies and your procedures. USB drives: be very careful if anybody, like a patient, brings in a USB drive
’cause they want you to look at their files or their imaging. It could be corrupted. So I would avoid even going down that road with them. You have to encrypt sensitive data. Of course, if you lose anything, number seven here, lose any equipment, or if you have any suspicious activity at all on your systems, you have to get on top of this early, seek out the IT people, get ’em to stop it so it doesn’t go any further.
Alerting officials, again, promptly if something seems suspicious. And keeping your emergency contacts close by, this is so important. I can’t even overemphasize how important this is for you to be aware of, but also anybody in your office really needs to be on top of these things. So what are some next steps?
A lot of people say, Hey, I don’t know if I’m compliant or not. Go through a HIPAA download checklist. You can download this right here for your office. You can scan the QR code here, go through and look at these questions. And sometimes they’re not always as simple as a yes or no. Do you have policies and procedures to protect patient information? A lot of us do. So you could say, oh, I got that one. But do you have legitimately written down policies and procedures? What’s the policy? What is it? And the procedure is how do we do it, or how do we implement it?
You have to have all of these in play for everything HIPAA related, even passwords, updating passwords, making sure passwords are strong. All right. A lot of times, if you ever want to, a lot of people like to schedule a demo. They wanna see what our program looks like. So you can do that; you can schedule a demo by going to go.fearlessprovider.com/demo.
You can scan the QR code. We are more than happy to go over it with you. You can look at our program from the inside. A lot of times people just wanna get started. So go to www.fearlessacupuncturist.com. Or you can contact myself at Dr. perry@betterhipaablueprint.com. I’m more than happy to answer any questions that you may have.
So in the meantime, everybody have an amazing day, and thank you so much for joining us here. Take care.
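The phishing red flags the talk walks through (sender you don’t recognize, from address not matching the message, unexpected attachment, urgency, a link destination you don’t recognize or that isn’t secure, a request for login credentials, bad spelling, a generic greeting) turned into a small screening script that a front-desk mailbox could run before anyone clicks. This is an added example, not code from the presenters or the Fearless Acupuncturist program; the sender allow-list, the keyword lists and the two sample messages are constructed assumptions.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allow-list of senders the practice expects mail from (constructed).
KNOWN_SENDERS = {"billing@clinic-supply.example"}
URGENCY = re.compile(r"\b(urgent|immediately|within 24 hours|suspended|act now)\b", re.I)
CREDENTIALS = re.compile(r"\b(password|log ?in|verify your account|credentials)\b", re.I)
GENERIC_GREETING = re.compile(r"^\s*(dear (customer|user|provider)|hello|hi)[,!]?\s*$", re.I | re.M)
MISSPELLINGS = re.compile(r"\b(recieve|acount|informations|verifiy)\b", re.I)
LINK = re.compile(r'<a\s+href="([^"]+)"[^>]*>([^<]*)</a>', re.I)

def red_flags(msg):
    """Return the checklist items a message trips; an empty list means it passed."""
    flags = []
    _, addr = parseaddr(msg["from"])
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    body = msg["body"]
    if addr.lower() not in KNOWN_SENDERS:
        flags.append("sender not recognised")
        if msg.get("attachment"):  # an attachment you were not expecting
            flags.append("unexpected attachment")
    if URGENCY.search(body):
        flags.append("creates urgency")
    if CREDENTIALS.search(body):
        flags.append("asks for login credentials")
    if GENERIC_GREETING.search(body):
        flags.append("generic greeting")
    if MISSPELLINGS.search(body):
        flags.append("spelling errors")
    for href, text in LINK.findall(body):
        target = urlparse(href)
        host = (target.hostname or "").lower()
        if target.scheme != "https":
            flags.append("link is not https")
        if host != sender_domain and not host.endswith("." + sender_domain):
            flags.append("link domain differs from sender domain")
        shown = urlparse(text.strip())  # the URL the reader sees vs. where it really goes
        if shown.hostname and shown.hostname.lower() != host:
            flags.append("link text shows a different destination")
    return flags

# Constructed sample messages, not real mail.
PHISH = {"from": "HIPAA Compliance Team <notice@hipaa-verify-now.example>",
         "attachment": "invoice.zip",
         "body": "Dear provider,\n\nYour acount will be suspended within 24 hours unless you "
                 'verify your account: <a href="http://hipaa-verify-now.example/login">'
                 "https://portal.hipaa-compliance.example/</a>"}
LEGIT = {"from": "Clinic Supply Billing <billing@clinic-supply.example>",
         "body": "Hi Dr. Smith,\n\nYour monthly statement is ready: "
                 '<a href="https://clinic-supply.example/statements">View statement</a>'}
```

Calling `red_flags(PHISH)` returns eight flags and `red_flags(LEGIT)` returns none; any non-empty result is a cue to stop and check with the sender or your IT people rather than click.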